Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check for overflow on input lengths #195

Merged
merged 1 commit into from Feb 26, 2017
Merged

Check for overflow on input lengths #195

merged 1 commit into from Feb 26, 2017

Conversation

sneves
Copy link
Contributor

@sneves sneves commented Feb 26, 2017

On 64-bit architectures it is currently possible to have passwords that hash and verify to the same value, as demonstrated below:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>

#include "argon2.h"

int main(void) {
    unsigned char out[32];
    char encoded[108];
    int ret;

    const char pwd[] = "a not very long password";
    const char salt[] = "a very long salt";

    ret = argon2_hash(2, 1 << 16, 1, pwd, strlen(pwd), salt, strlen(salt), out,
                      sizeof(out), encoded, sizeof(encoded), Argon2_i, ARGON2_VERSION_13);
    assert(ret == ARGON2_OK);

    ret = argon2_verify(encoded, pwd, strlen(pwd), Argon2_i);
    assert(ret == ARGON2_OK);

    char * pwd2 = (char *)calloc(strlen(pwd) + (1ULL << 32) + 1, 1);
    memset(pwd2, 'A', strlen(pwd) + (1ULL << 32));
    memcpy(pwd2, pwd, strlen(pwd));

    ret = argon2_verify(encoded, pwd2, strlen(pwd2), Argon2_i);
    assert(ret == ARGON2_OK);

    printf("BUG\n");
}

The reason for this is that argon2_verify receives a size_t password length, but it is converted to uint32_t before being verified in validate_inputs. Therefore truncation can occur.

Checks to prevent this used to exist on argon2_hash but were removed in #131. On argon2_verify, as far as I can tell, they never existed.

@codecov-io
Copy link

Codecov Report

Merging #195 into master will decrease coverage by -0.41%.
The diff coverage is 42.85%.

@@            Coverage Diff             @@
##           master     #195      +/-   ##
==========================================
- Coverage   68.38%   67.98%   -0.41%     
==========================================
  Files           9        9              
  Lines        1006     1012       +6     
  Branches      163      166       +3     
==========================================
  Hits          688      688              
- Misses        242      245       +3     
- Partials       76       79       +3
Impacted Files Coverage Δ
src/argon2.c 43.04% <42.85%> (-1.16%)
src/opt.c 92.59% <0%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 69341f7...9f1e531. Read the comment docs.

@veorq veorq merged commit 6f5427f into master Feb 26, 2017
@sneves sneves deleted the bugfix branch February 26, 2017 18:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@sneves @codecov-io @veorq