diff options
author | Richard Levitte <levitte@openssl.org> | 2016-11-04 14:21:46 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-11-10 13:04:11 +0000 |
commit | bf52165bda53524a267c784696bd074111a2f178 (patch) | |
tree | 710c07a4175062ccf8352192dfd797bb657cc558 /crypto | |
parent | a54aba531327285f64cf13a909bc129e9f9d5970 (diff) |
chacha20/poly1305: make sure to clear the buffer at correct position
The offset to the memory to clear was incorrect, causing a heap buffer
overflow.
CVE-2016-7054
Thanks to Robert Święcki for reporting this
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/evp/e_chacha20_poly1305.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c index cf4097ba5d..952bd3fca7 100644 --- a/crypto/evp/e_chacha20_poly1305.c +++ b/crypto/evp/e_chacha20_poly1305.c @@ -299,7 +299,7 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, memcpy(out, actx->tag, POLY1305_BLOCK_SIZE); } else { if (CRYPTO_memcmp(temp, in, POLY1305_BLOCK_SIZE)) { - memset(out, 0, plen); + memset(out - plen, 0, plen); return -1; } } |