diff options
| author | Jakob Unterwurzacher | 2017-05-23 20:46:24 +0200 |
|---|---|---|
| committer | Jakob Unterwurzacher | 2017-05-23 21:26:38 +0200 |
| commit | e827763f2e6226d9f5778d56c28270264950c0f5 (patch) | |
| tree | 2f5f4adeed482dd473cc4714b97a8903806fdbb3 /internal/nametransform/pad16.go | |
| parent | 508fd9e1d64131958c86175cb8d848f730e629cf (diff) | |
nametransform: harden name decryption against invalid input
This fixes a few issues I have found reviewing the code:
1) Limit the amount of data ReadLongName() will read. Previously,
you could send gocryptfs into out-of-memory by symlinking
gocryptfs.diriv to /dev/zero.
2) Handle the empty input case in unPad16() by returning an
error. Previously, it would panic with an out-of-bounds array
read. It is unclear to me if this could actually be triggered.
3) Reject empty names after base64-decoding in DecryptName().
An empty name crashes emeCipher.Decrypt().
It is unclear to me if B64.DecodeString() can actually return
a non-error empty result, but let's guard against it anyway.
Diffstat (limited to 'internal/nametransform/pad16.go')
| -rw-r--r-- | internal/nametransform/pad16.go | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/internal/nametransform/pad16.go b/internal/nametransform/pad16.go index 2b30bcb..833be0e 100644 --- a/internal/nametransform/pad16.go +++ b/internal/nametransform/pad16.go @@ -31,6 +31,9 @@ func pad16(orig []byte) (padded []byte) { // unPad16 - remove padding func unPad16(padded []byte) ([]byte, error) { oldLen := len(padded) + if oldLen == 0 { + return nil, errors.New("Empty input") + } if oldLen%aes.BlockSize != 0 { return nil, errors.New("Unaligned size") } @@ -39,12 +42,16 @@ func unPad16(padded []byte) ([]byte, error) { // The padding byte's value is the padding length padLen := int(padByte) // Padding must be at least 1 byte - if padLen <= 0 { + if padLen == 0 { return nil, errors.New("Padding cannot be zero-length") } - // Larger paddings make no sense + // Padding more than 16 bytes make no sense if padLen > aes.BlockSize { - return nil, fmt.Errorf("Padding too long, padLen = %d > 16", padLen) + return nil, fmt.Errorf("Padding too long, padLen=%d > 16", padLen) + } + // Padding cannot be as long as (or longer than) the whole string, + if padLen >= oldLen { + return nil, fmt.Errorf("Padding too long, oldLen=%d >= padLen=%d", oldLen, padLen) } // All padding bytes must be identical for i := oldLen - padLen; i < oldLen; i++ { @@ -53,9 +60,5 @@ func unPad16(padded []byte) ([]byte, error) { } } newLen := oldLen - padLen - // Padding an empty string makes no sense - if newLen == 0 { - return nil, errors.New("Unpadded length is zero") - } return padded[0:newLen], nil } |