From 8d1f7753f679b12a8e57f8b5c4b529bb627ba6c5 Mon Sep 17 00:00:00 2001
From: Nick ODell
Date: Fri, 2 Aug 2013 13:21:02 -0600
Subject: [PATCH] Fix bug where memcpy could overrun buffer
---
 core/net_crypto.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/core/net_crypto.c b/core/net_crypto.c
index 31fb24be..3233d875 100644
--- a/core/net_crypto.c
+++ b/core/net_crypto.c
@@ -69,8 +69,8 @@ int encrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
 if (length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES > MAX_DATA_SIZE || length == 0) return -1;
- uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES] = {0};
- uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_ZEROBYTES];
+ uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_BOXZEROBYTES] = {0};
+ uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_BOXZEROBYTES];
 memcpy(temp_plain + crypto_box_ZEROBYTES, plain, length); /* pad the message with 32 0 bytes. */
@@ -101,8 +101,8 @@ int decrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
 if (length > MAX_DATA_SIZE || length <= crypto_box_BOXZEROBYTES) return -1;
- uint8_t temp_plain[MAX_DATA_SIZE - crypto_box_ZEROBYTES + crypto_box_BOXZEROBYTES];
- uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_ZEROBYTES] = {0};
+ uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_BOXZEROBYTES];
+ uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_BOXZEROBYTES] = {0};
 memcpy(temp_encrypted + crypto_box_BOXZEROBYTES, encrypted, length); /* pad the message with 16 0 bytes. */
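Review bot: The guard above the resized arrays in encrypt_data, `length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES > MAX_DATA_SIZE`, does its arithmetic on the caller-supplied `length`, and the new `temp_plain` size is exactly the furthest extent the `memcpy` at `temp_plain + crypto_box_ZEROBYTES` can reach when that guard holds. If `length` is an unsigned type (its declaration is outside the hunk), a value near the type's maximum wraps the left-hand side to a small number and passes the check. Keeping the constants on one side avoids the wrap: `if (length == 0 || length > MAX_DATA_SIZE - crypto_box_ZEROBYTES + crypto_box_BOXZEROBYTES) return -1;`. encrypt_data starts and ends outside the hunk, so whether the smaller `temp_encrypted` is still large enough depends on the encryption call and copy-out that follow.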
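Review bot: Nothing in decrypt_data records why `MAX_DATA_SIZE + crypto_box_BOXZEROBYTES` is the right size for both buffers, and the commit message does not say which buffer was overrun. With `length <= MAX_DATA_SIZE` from the guard, the `memcpy` at `temp_encrypted + crypto_box_BOXZEROBYTES` fills the new `temp_encrypted` exactly at the maximum, where the old `+ crypto_box_ZEROBYTES` size had spare room. I would add a comment above the declarations such as `/* length <= MAX_DATA_SIZE (checked above), so BOXZEROBYTES + length fits temp_encrypted exactly */`. Whether `temp_plain` is large enough depends on the decryption call and copy-out that follow, which are outside the hunk.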