Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pkcs12Kdf can stack overflow with an exceptionally large password #68419

Closed
vcsjones opened this issue Apr 22, 2022 · 1 comment · Fixed by #68422
Closed

Pkcs12Kdf can stack overflow with an exceptionally large password #68419

vcsjones opened this issue Apr 22, 2022 · 1 comment · Fixed by #68422
Assignees
@vcsjones
Labels
area-System.Security

Comments

@vcsjones
Copy link
Member

The following code will produce a stack overflow within Pkcs12Kdf.

using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;

Pkcs12Builder builder = new();
ReadOnlySpan<char> password = new string('0', (int.MaxValue - 255) / 2);
builder.SealWithMac(password, HashAlgorithmName.SHA512, 1);

This overflows calculating the length of P, which causes a negative value to go in to the stackalloc here:

runtime/src/libraries/Common/src/System/Security/Cryptography/Pkcs12Kdf.cs

Lines 133 to 142 in 9a0b22a

int PLen = ((passLen - 1 + vBytes) / vBytes) * vBytes;
// 4. Set I=S||P to be the concatenation of S and P.
int ILen = SLen + PLen;
Span<byte> I = stackalloc byte[0];
byte[]? IRented = null;
if (ILen <= 1024)
{
I = stackalloc byte[ILen];

This is an unusual use case to have a password that large, but we should probably have a checked arithmetic operation here.
@ghost
Copy link

ghost commented Apr 22, 2022

Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

The following code will produce a stack overflow within Pkcs12Kdf.

using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;

Pkcs12Builder builder = new();
ReadOnlySpan<char> password = new string('0', (int.MaxValue - 255) / 2);
builder.SealWithMac(password, HashAlgorithmName.SHA512, 1);

This overflows calculating the length of P, which causes a negative value to go in to the stackalloc here:

runtime/src/libraries/Common/src/System/Security/Cryptography/Pkcs12Kdf.cs

Lines 133 to 142 in 9a0b22a

int PLen = ((passLen - 1 + vBytes) / vBytes) * vBytes;
// 4. Set I=S||P to be the concatenation of S and P.
int ILen = SLen + PLen;
Span<byte> I = stackalloc byte[0];
byte[]? IRented = null;
if (ILen <= 1024)
{
I = stackalloc byte[ILen];

This is an unusual use case to have a password that large, but we should probably have a checked arithmetic operation here.

Author: vcsjones
Assignees: -
Labels:

area-System.Security
Milestone: -

@vcsjones vcsjones self-assigned this Apr 22, 2022
@dotnet-issue-labeler dotnet-issue-labeler bot added the untriaged New issue has not been triaged by the area owner label Apr 22, 2022
@vcsjones vcsjones mentioned this issue Apr 22, 2022
Merged
@ghost ghost added the in-pr There is an active PR which will close this issue when it is merged label Apr 22, 2022
@ghost ghost removed untriaged New issue has not been triaged by the area owner in-pr There is an active PR which will close this issue when it is merged labels Apr 26, 2022
@ghost ghost locked as resolved and limited conversation to collaborators May 26, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@vcsjones vcsjones

Labels
area-System.Security
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use checked arithmetic to prevent stack overflow in Pkcs12Kdf vcsjones/runtime
1 participant
@vcsjones