chacha20/poly1305: make sure to clear the buffer at correct position

The offset to the memory to clear was incorrect, causing a heap buffer overflow. CVE-2016-7054 Thanks to Robert Święcki for reporting this Reviewed-by: N Rich Salz <rsalz@openssl.org>

chacha20/poly1305: make sure to clear the buffer at correct position
The offset to the memory to clear was incorrect, causing a heap buffer overflow. CVE-2016-7054 Thanks to Robert Święcki for reporting this Reviewed-by: N Rich Salz <rsalz@openssl.org>
bf52165b · Richard Levitte · Matt Caswell · a54aba53 · bf52165b
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

crypto/evp/e_chacha20_poly1305.c crypto/evp/e_chacha20_poly1305.c +1 -1

未找到文件。
--- a/crypto/evp/e_chacha20_poly1305.c
+++ b/crypto/evp/e_chacha20_poly1305.c
@@ -299,7 +299,7 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                memcpy(out, actx->tag, POLY1305_BLOCK_SIZE);
            } else {
                if (CRYPTO_memcmp(temp, in, POLY1305_BLOCK_SIZE)) {
-                    memset(out, 0, plen);
+                    memset(out - plen, 0, plen);
                    return -1;
                }
            }