diff options
| author | Richard Levitte <levitte@openssl.org> | 2016-11-04 14:21:46 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2016-11-10 13:04:05 +0000 |
| commit | 99d97842ddb5fbbbfb5e9820a64ebd19afe569f6 (patch) | |
| tree | b7c0b1f303044192ea3da585dcfc9489c20a4d68 /crypto/evp | |
| parent | 53c6cbf6e9a6e4fe2433a89bf3c970355dd1e29a (diff) | |
chacha20/poly1305: make sure to clear the buffer at correct position
The offset to the memory to clear was incorrect, causing a heap buffer
overflow.
CVE-2016-7054
Thanks to Robert Święcki for reporting this
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit b8e4011fb26364e44230946b87ab38cc1c719aae)
Diffstat (limited to 'crypto/evp')
| -rw-r--r-- | crypto/evp/e_chacha20_poly1305.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c index cf4097ba5d..952bd3fca7 100644 --- a/crypto/evp/e_chacha20_poly1305.c +++ b/crypto/evp/e_chacha20_poly1305.c @@ -299,7 +299,7 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, memcpy(out, actx->tag, POLY1305_BLOCK_SIZE); } else { if (CRYPTO_memcmp(temp, in, POLY1305_BLOCK_SIZE)) { - memset(out, 0, plen); + memset(out - plen, 0, plen); return -1; } } |