fix-aead-stack-buffer-overflow.patch
commit 7b89b1c9dfe5f28edb631abb3763e4e12661a505
Author: Gilles Peskine <Gilles.Peskine@arm.com>
Date: 2025-10-01 19:05:23 +0200
Fix stack buffer overflow in AEAD tests
Pass the remaining buffer length to API functions, not the length of the
original buffer.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/api-tests/dev_apis/crypto/test_c061/test_c061.c b/api-tests/dev_apis/crypto/test_c061/test_c061.c
index df8e3e910..79ff154ac 100644
--- a/api-tests/dev_apis/crypto/test_c061/test_c061.c
+++ b/api-tests/dev_apis/crypto/test_c061/test_c061.c
@@ -96,9 +96,11 @@ int32_t psa_aead_finish_test(caller_security_t caller __UNUSED)
BUFFER_SIZE, &length);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+ size_t remaining_output_size = check1[i].output_size > length ? check1[i].output_size - length : 0;
+
/* Finish encrypting a message in an AEAD operation */
status = val->crypto_function(VAL_CRYPTO_AEAD_FINISH, &operation, output + length,
- check1[i].output_size, &finish_length, tag, check1[i].tag_size, &tag_length);
+ remaining_output_size, &finish_length, tag, check1[i].tag_size, &tag_length);
TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(9));
if (check1[i].expected_status != PSA_SUCCESS)
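Review bot: The added `remaining_output_size` is bounded by `check1[i].output_size`, not by the real capacity of `output`, which the preceding update call states as `BUFFER_SIZE`. If any test vector carries an `output_size` larger than `BUFFER_SIZE` (the vector table is not visible here, so this needs confirming), the finish call is still told it may write past the end of the stack buffer. Clamping against both would tie the size to the actual array: `size_t cap = check1[i].output_size < BUFFER_SIZE ? check1[i].output_size : BUFFER_SIZE;` followed by `size_t remaining_output_size = cap > length ? cap - length : 0;`. The same applies to the identical line added in test_c063.c, and a short comment such as `/* only output_size - length bytes remain after output + length; clamp to 0 so the size_t subtraction cannot wrap */` would explain the ternary in both places. The enclosing function starts and ends outside the hunk.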
diff --git a/api-tests/dev_apis/crypto/test_c063/test_c063.c b/api-tests/dev_apis/crypto/test_c063/test_c063.c
index cee674155..66211ae8e 100644
--- a/api-tests/dev_apis/crypto/test_c063/test_c063.c
+++ b/api-tests/dev_apis/crypto/test_c063/test_c063.c
@@ -95,9 +95,11 @@ int32_t psa_aead_verify_test(caller_security_t caller __UNUSED)
BUFFER_SIZE, &length);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+ size_t remaining_output_size = check1[i].output_size > length ? check1[i].output_size - length : 0;
+
/* Finish authenticating and decrypting a message in an AEAD operation */
status = val->crypto_function(VAL_CRYPTO_AEAD_VERIFY, &operation, output + length,
- check1[i].output_size, &verify_length, check1[i].tag, check1[i].tag_length);
+ remaining_output_size, &verify_length, check1[i].tag, check1[i].tag_length);
TEST_ASSERT_DUAL(status,
check1[i].expected_status[0],
check1[i].expected_status[1],