chacha20poly1305: defensively protect against large inputs

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
author: Jason A. Donenfeld <Jason@zx2c4.com> 2020-02-06 12:45:34 +0100
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2020-02-06 12:45:34 +0100
commit: a7e4885d83a33ad1f857df1b9d68abafe49378f3 (patch)
tree: eaee4afc746ce554a71b6155a964d8c6ec0c6af8
parent: 7a11a53c5a8cf54d1b4b12e2359d1dc4a2ebd751 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/src/crypto/zinc/chacha20poly1305.c b/src/crypto/zinc/chacha20poly1305.c
index 571a64e..ff54bc4 100644
--- a/src/crypto/zinc/chacha20poly1305.c
+++ b/src/crypto/zinc/chacha20poly1305.c
@@ -92,6 +92,8 @@ bool chacha20poly1305_encrypt_sg_inplace(struct scatterlist *src,
 		__le64 lens[2];
 	} b __aligned(16) = { { 0 } };
 
+	if (WARN_ON(src_len > INT_MAX))
+		return false;
 
 	chacha20_init(&chacha20_state, key, nonce);
 	chacha20(&chacha20_state, b.block0, b.block0, sizeof(b.block0),
@@ -253,7 +255,7 @@ bool chacha20poly1305_decrypt_sg_inplace(struct scatterlist *src,
 	} b __aligned(16) = { { 0 } };
 	bool ret = false;
 
-	if (unlikely(src_len < POLY1305_MAC_SIZE))
+	if (unlikely(src_len < POLY1305_MAC_SIZE || WARN_ON(src_len > INT_MAX)))
 		return ret;
 	src_len -= POLY1305_MAC_SIZE;
author	Jason A. Donenfeld <Jason@zx2c4.com>	2020-02-06 12:45:34 +0100
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2020-02-06 12:45:34 +0100
commit	a7e4885d83a33ad1f857df1b9d68abafe49378f3 (patch)
tree	eaee4afc746ce554a71b6155a964d8c6ec0c6af8
parent	7a11a53c5a8cf54d1b4b12e2359d1dc4a2ebd751 (diff)