validate encrypted queue buffer sizes before processing auth tag and IV data:

poolpOrg · poolpOrg · commit b5293542b6ef · 2026-05-26T22:39:33.000Z
current callers already treat malformed input as a decrypt failure but rejecting
truncated buffers earlier makes boundary conditions more explicit.

diff by Stuart Thomas &lt;stuart.thomas@triageforge.co.uk&gt;
diff --git a/usr.sbin/smtpd/crypto.c b/usr.sbin/smtpd/crypto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto.c,v 1.10 2021/06/14 17:58:15 eric Exp $	 */
+/* $OpenBSD: crypto.c,v 1.11 2026/05/26 22:39:33 gilles Exp $	 */
 
 /*
  * Copyright (c) 2013 Gilles Chehade <gilles@openbsd.org>
@@ -274,8 +274,10 @@ crypto_decrypt_buffer(const char *in, size_t inlen, char *out, size_t outlen)
 	int		len = 0;
 	int		ret = 0;
 
-	/* out does not have enough room */
-	if (outlen < inlen - sizeof tag + sizeof iv)
+	/* input buffer too small or out does not have enough room */
+	if (inlen < sizeof(tag) + sizeof(iv) + 1)
+		return 0;
+	if (outlen < inlen - sizeof(tag) - sizeof(iv) - 1)
 		return 0;
 
 	/* extract tag */
