diff options
| author | cperciva <cperciva@FreeBSD.org> | 2005-07-27 08:41:17 +0000 |
|---|---|---|
| committer | cperciva <cperciva@FreeBSD.org> | 2005-07-27 08:41:17 +0000 |
| commit | 6393df51ccd1a016925d2808ebf5d4b3bde64aaf (patch) | |
| tree | 4228db16894b3f198ed6b1223a9a2dd9f18e82fd /sys | |
| parent | e2bb2f5a2e412b3133d44a5158dba2dae50808ab (diff) | |
| download | FreeBSD-src-6393df51ccd1a016925d2808ebf5d4b3bde64aaf.zip FreeBSD-src-6393df51ccd1a016925d2808ebf5d4b3bde64aaf.tar.gz | |
Correct a buffer overflow which can occur when decompressing a
carefully crafted deflated data stream. [1]
Correct problems in the AES-XCBC-MAC IPsec authentication algorithm. [2]
Submitted by: suz [2]
Security: FreeBSD-SA-05:18.zlib [1], FreeBSD-SA-05:19.ipsec [2]
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/netinet6/ah_aesxcbcmac.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/sys/netinet6/ah_aesxcbcmac.c b/sys/netinet6/ah_aesxcbcmac.c index 1aa54aa..75c89bc 100644 --- a/sys/netinet6/ah_aesxcbcmac.c +++ b/sys/netinet6/ah_aesxcbcmac.c @@ -78,6 +78,7 @@ ah_aes_xcbc_mac_init(state, sav) u_int8_t k3seed[AES_BLOCKSIZE] = { 3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3 }; u_int32_t r_ks[(RIJNDAEL_MAXNR+1)*4]; aesxcbc_ctx *ctx; + u_int8_t k1[AES_BLOCKSIZE]; if (!state) panic("ah_aes_xcbc_mac_init: what?"); @@ -93,14 +94,15 @@ ah_aes_xcbc_mac_init(state, sav) if ((ctx->r_nr = rijndaelKeySetupEnc(r_ks, (char *)_KEYBUF(sav->key_auth), AES_BLOCKSIZE * 8)) == 0) return -1; - if (rijndaelKeySetupEnc(ctx->r_k1s, k1seed, AES_BLOCKSIZE * 8) == 0) + rijndaelEncrypt(r_ks, ctx->r_nr, k1seed, k1); + rijndaelEncrypt(r_ks, ctx->r_nr, k2seed, ctx->k2); + rijndaelEncrypt(r_ks, ctx->r_nr, k3seed, ctx->k3); + if (rijndaelKeySetupEnc(ctx->r_k1s, k1, AES_BLOCKSIZE * 8) == 0) return -1; - if (rijndaelKeySetupEnc(ctx->r_k2s, k2seed, AES_BLOCKSIZE * 8) == 0) + if (rijndaelKeySetupEnc(ctx->r_k2s, ctx->k2, AES_BLOCKSIZE * 8) == 0) return -1; - if (rijndaelKeySetupEnc(ctx->r_k3s, k3seed, AES_BLOCKSIZE * 8) == 0) + if (rijndaelKeySetupEnc(ctx->r_k3s, ctx->k3, AES_BLOCKSIZE * 8) == 0) return -1; - rijndaelEncrypt(r_ks, ctx->r_nr, k2seed, ctx->k2); - rijndaelEncrypt(r_ks, ctx->r_nr, k3seed, ctx->k3); return 0; } @@ -151,8 +153,8 @@ ah_aes_xcbc_mac_loop(state, addr, len) addr += AES_BLOCKSIZE; } if (addr < ep) { - bcopy(addr, ctx->buf, ep - addr); - ctx->buflen = ep - addr; + bcopy(addr, ctx->buf + ctx->buflen, ep - addr); + ctx->buflen += ep - addr; } } |
