You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@santuario.apache.org by bu...@apache.org on 2006/01/24 09:53:18 UTC

DO NOT REPLY [Bug 38365] New: - Encryption fails if there are less than 12 characters to encrypt

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38365>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=38365

           Summary: Encryption fails if there are less than 12 characters to
                    encrypt
           Product: Security
           Version: C++ 1.2.0
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Encryption
        AssignedTo: security-dev@xml.apache.org
        ReportedBy: milan@setcce.org


I have found very interesting bug inside WinCAPICryptoSymmetricKey::encrypt().
I've been encrypting an XML file and used encrypt content (not whole element)
option ( cipher->encryptElementContent() func ). The bug occurs whenever there
are less then 12 (in my case only 4) characters inside XML element to encrypt.
In the case of 4 characters, values are:

//unsigned int rounding = (m_bytesInLastBlock + inLength) % m_blockSize;
unsigned int rounding = (0 + 4) % 8; // rounding == 8 now

//rounding += m_blockSize;
rounding += 8; // rounding == 12 now

//memcpy(m_lastBlock, &inBuf[inLength - rounding], rounding);
memcpy(m_lastBlock, &inBuf[4 - 12], 12); // 4 - 12 ??? buffer "underflow"

//memcpy(bufPtr, inBuf, inLength - rounding);
memcpy(bufPtr, inBuf, 4 - 12); // again 4 - 12 :(

Probably, the same bug is inside NSS and OpenSSL providers.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

DO NOT REPLY [Bug 38365] - Encryption fails if there are less than 12 characters to encrypt

Posted by bu...@apache.org.

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38365>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=38365


blautenb@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED




------- Additional Comments From blautenb@apache.org  2006-04-15 22:42 -------
Turns out this only applied to the Windows code.  Both the NSS and OpenSSL code
let the underlying library handle this edge case naturally.  I have added some
code to see if the input is to small, and if so, store it in the buffer that is
used for tail of input.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.