Skip to content

fix: resource exhaustion from an incomplete encrypted message #348

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 26, 2020
Merged

fix: resource exhaustion from an incomplete encrypted message #348

merged 1 commit into from
May 26, 2020

Conversation

@seebees
Copy link
Contributor

@seebees seebees commented May 26, 2020

Decrypt needs to actively verify
that it has reached the end of the encrypted message.
This fix ensures an error on an incomplete encrypted message

Also, the signature_info parsing needed to be updated,
to handle an incomplete signature block.

Browsers were never impacted,
but the tests were included for completeness.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Check any applicable:

  • Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files.

@seebees seebees requested review from a team May 26, 2020 18:49
@seebees
fix: resource exhaustion from an incomplete encrypted message
470fb45 
Decrypt needs to actively verify
that it has reached the end of the encrypted message.
This fix ensures an error on an incomplete encrypted message

Also, the signature_info parsing needed to be updated,
to handle an incomplete signature block.

Browsers were never impacted,
but the tests were included for completeness.
@seebees seebees force-pushed the incomplete-ciphertext branch from 19caf58 to 470fb45 Compare May 26, 2020 19:05
mattsb42-aws
mattsb42-aws approved these changes May 26, 2020
View reviewed changes
Copy link
Member

@mattsb42-aws mattsb42-aws left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks right to me.

@seebees seebees merged commit 8c81013 into aws:master May 26, 2020
@seebees seebees deleted the incomplete-ciphertext branch May 26, 2020 19:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mattsb42-aws mattsb42-aws mattsb42-aws approved these changes

+1 more reviewer

@scottarc scottarc scottarc approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@seebees @mattsb42-aws @scottarc