mirror of
https://github.com/irungentoo/toxcore.git
synced 2024-03-22 13:30:51 +08:00
Fix bug where memcpy could overrun buffer
This commit is contained in:
parent
eba7fdb9ba
commit
8d1f7753f6
|
@ -69,8 +69,8 @@ int encrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
|
||||||
if (length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES > MAX_DATA_SIZE || length == 0)
|
if (length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES > MAX_DATA_SIZE || length == 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES] = {0};
|
uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_BOXZEROBYTES] = {0};
|
||||||
uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_ZEROBYTES];
|
uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_BOXZEROBYTES];
|
||||||
|
|
||||||
memcpy(temp_plain + crypto_box_ZEROBYTES, plain, length); /* pad the message with 32 0 bytes. */
|
memcpy(temp_plain + crypto_box_ZEROBYTES, plain, length); /* pad the message with 32 0 bytes. */
|
||||||
|
|
||||||
|
@ -101,8 +101,8 @@ int decrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
|
||||||
if (length > MAX_DATA_SIZE || length <= crypto_box_BOXZEROBYTES)
|
if (length > MAX_DATA_SIZE || length <= crypto_box_BOXZEROBYTES)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
uint8_t temp_plain[MAX_DATA_SIZE - crypto_box_ZEROBYTES + crypto_box_BOXZEROBYTES];
|
uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_BOXZEROBYTES];
|
||||||
uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_ZEROBYTES] = {0};
|
uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_BOXZEROBYTES] = {0};
|
||||||
|
|
||||||
memcpy(temp_encrypted + crypto_box_BOXZEROBYTES, encrypted, length); /* pad the message with 16 0 bytes. */
|
memcpy(temp_encrypted + crypto_box_BOXZEROBYTES, encrypted, length); /* pad the message with 16 0 bytes. */
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user