Skip to content
Permalink
Browse files

fix buffer overflow when input length less than block size

Just remove a useless block copy

This undefined behavior has been found during a formal audit by the means of TrustInSoft Analyzer.
  • Loading branch information...
Vincent BENAYOUN
Vincent BENAYOUN committed May 6, 2015
1 parent 1f4c252 commit 144c680f3515a7726864b7cfb608eb88c579b823
Showing with 0 additions and 6 deletions.
  1. +0 −6 aes.c
6 aes.c
@@ -510,9 +510,6 @@ void AES128_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length,
const intptr_t full_blocks = length / KEYLEN;
const uint8_t remainders = length % KEYLEN; /* Remaining bytes in the last non-full block */

BlockCopy(output, input);
state = (state_t*)output;

// Skip the key expansion if key is passed as 0
if(0 != key)
{
@@ -552,9 +549,6 @@ void AES128_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length,
const intptr_t full_blocks = length / KEYLEN;
const uint8_t remainders = length % KEYLEN; /* Remaining bytes in the last non-full block */

BlockCopy(output, input);
state = (state_t*)output;

// Skip the key expansion if key is passed as 0
if(0 != key)
{

0 comments on commit 144c680

Please sign in to comment.
You can’t perform that action at this time.