You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by bu...@apache.org on 2006/01/24 09:53:18 UTC
DO NOT REPLY [Bug 38365] New: - Encryption fails if there are less than 12 characters to encrypt
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38365>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38365
Summary: Encryption fails if there are less than 12 characters to
encrypt
Product: Security
Version: C++ 1.2.0
Platform: PC
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Encryption
AssignedTo: security-dev@xml.apache.org
ReportedBy: milan@setcce.org
I have found very interesting bug inside WinCAPICryptoSymmetricKey::encrypt().
I've been encrypting an XML file and used encrypt content (not whole element)
option ( cipher->encryptElementContent() func ). The bug occurs whenever there
are less then 12 (in my case only 4) characters inside XML element to encrypt.
In the case of 4 characters, values are:
//unsigned int rounding = (m_bytesInLastBlock + inLength) % m_blockSize;
unsigned int rounding = (0 + 4) % 8; // rounding == 8 now
//rounding += m_blockSize;
rounding += 8; // rounding == 12 now
//memcpy(m_lastBlock, &inBuf[inLength - rounding], rounding);
memcpy(m_lastBlock, &inBuf[4 - 12], 12); // 4 - 12 ??? buffer "underflow"
//memcpy(bufPtr, inBuf, inLength - rounding);
memcpy(bufPtr, inBuf, 4 - 12); // again 4 - 12 :(
Probably, the same bug is inside NSS and OpenSSL providers.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
DO NOT REPLY [Bug 38365] - Encryption fails if there are less than 12 characters to encrypt
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38365>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38365
blautenb@apache.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Additional Comments From blautenb@apache.org 2006-04-15 22:42 -------
Turns out this only applied to the Windows code. Both the NSS and OpenSSL code
let the underlying library handle this edge case naturally. I have added some
code to see if the input is to small, and if so, store it in the buffer that is
used for tail of input.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.