Fix padding error checking

Fixes a regression unfortunately introduced with 808a8eee and not properly understood at the time

Fix padding error checking
Fixes a regression unfortunately introduced with 808a8eee and not properly understood at the time
92a4b658 · Nils Goroll · 09c146d4 · 92a4b658 · 92a4b658
Unverified Commit 92a4b658 authored Nov 06, 2021 by Nils Goroll
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 1 deletion

padding_error.vtc src/tests/padding_error.vtc +0 -0

vmod_gcrypt.c src/vmod_gcrypt.c +8 -1

No files found.
--- a/src/tests.disabled/padding_error.vtc
+++ b/src/tests.disabled/padding_error.vtc
--- a/src/vmod_gcrypt.c
+++ b/src/vmod_gcrypt.c
@@ -580,6 +580,7 @@ VCL_BLOB vmod_symmetric_decrypt(VRT_CTX,
 	gcry_error_t err = GPG_ERR_NO_ERROR;
 	gcry_cipher_hd_t *hd;
 	size_t blocklen;
+	ssize_t padlen;
 	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
 	CHECK_OBJ_NOTNULL(symmetric, VMOD_GCRYPT_SYMMETRIC_MAGIC);
@@ -660,10 +661,16 @@ VCL_BLOB vmod_symmetric_decrypt(VRT_CTX,
 			     blocklen);
 			goto fail;
 		}
-		plaintext->len =
+		padlen =
 			(unpadlenf[symmetric->padding])(plain,
 							ciphertext->len,
 							blocklen);
+		if (padlen < 0) {
+			VERR(ctx, "in %s.decrypt(): incorrect padding",
+			     symmetric->vcl_name);
+			goto fail;
+		}
+		plaintext->len = padlen;
 	}
 	WS_Release(ctx->ws, plaintext->len);
 	return plaintext;