scip/pcp
1
0
Fork 0
mirror of https://codeberg.org/scip/pcp.git synced 2025-12-17 12:00:56 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixed buffer overflow when calling pcp_scrypt(), used invalid passwd size

Browse Source
This commit is contained in:
git@daemon.de
2014-03-10 16:57:01 +01:00
parent 71faa88592
commit 5e82b7ec7b
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/encryption.c
View File

@@ -70,10 +70,10 @@ int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd, i
} }
else { else {
passphrase = ucmalloc(strlen(passwd)+1); passphrase = ucmalloc(strlen(passwd)+1);
strncpy(passphrase, passwd, strlen(passwd)+1); strncpy(passphrase, passwd, strlen(passwd));
} }
symkey = pcp_scrypt(passphrase, crypto_secretbox_KEYBYTES, salt, 90); symkey = pcp_scrypt(passphrase, strlen(passphrase), salt, 90);
free(salt); free(salt);
} }
else { else {
@@ -159,12 +159,12 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *rec
} }
else { else {
passphrase = ucmalloc(strlen(passwd)+1); passphrase = ucmalloc(strlen(passwd)+1);
strncpy(passphrase, passwd, strlen(passwd)+1); strncpy(passphrase, passwd, strlen(passwd));
} }
byte *salt = ucmalloc(90); /* FIXME: use random salt, concat it with result afterwards */ byte *salt = ucmalloc(90); /* FIXME: use random salt, concat it with result afterwards */
char stsalt[] = PBP_COMPAT_SALT; char stsalt[] = PBP_COMPAT_SALT;
memcpy(salt, stsalt, 90); memcpy(salt, stsalt, 90);
symkey = pcp_scrypt(passphrase, crypto_secretbox_KEYBYTES, salt, 90); symkey = pcp_scrypt(passphrase, strlen(passphrase), salt, 90);
free(salt); free(salt);
} }
else if(id != NULL && recipient == NULL) { else if(id != NULL && recipient == NULL) {