Hi all,
I've noticed that providing a random payload to a des_cbc_pad decrypt
would make the software token crash.
It seems to me that the cause should be in strip_pkcs_padding function
in usr/lib/pkcs11/common/utility.c which does not check for a valid pad len.
The attached patch should solve the problem.
Cheers,
matteo.
--- utility.c.orig 2010-11-26 14:02:29.000000000 +0100
+++ utility.c 2010-11-26 14:03:46.000000000 +0100
@@ -1178,6 +1178,8 @@
CK_BYTE pad_value;
pad_value = ptr[total_len - 1];
+ if (pad_value > total_len)
+ return CKR_ENCRYPTED_DATA_INVALID;
// thus, we have 'pad_value' bytes of 'pad_value' appended to the end
//
------------------------------------------------------------------------------
Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by
optimizing for Intel(R) Graphics Technology. Get started today with the
Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
http://p.sf.net/sfu/intelisp-dev2dev
_______________________________________________
Opencryptoki-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech
