diff options
author | Ben Noordhuis <info@bnoordhuis.nl> | 2018-06-22 12:16:09 +0200 |
---|---|---|
committer | Ben Noordhuis <info@bnoordhuis.nl> | 2018-06-25 23:45:14 +0200 |
commit | 19fe5299d3b52c5d17b70aec012730ffff1e3d84 (patch) | |
tree | 4fc73470ff801ad42864ddcd9eab42c36e9135a0 /src | |
parent | 8b4af64f50c5e41ce0155716f294c24ccdecad03 (diff) | |
download | android-node-v8-19fe5299d3b52c5d17b70aec012730ffff1e3d84.tar.gz android-node-v8-19fe5299d3b52c5d17b70aec012730ffff1e3d84.tar.bz2 android-node-v8-19fe5299d3b52c5d17b70aec012730ffff1e3d84.zip |
crypto: fix UB in computing max message size
Before this commit it computed `(1<<(8*(15-iv_len)))-1` for `iv_len>=11`
and that reduces to `(1<<32)-1` for `iv_len==11`. Left-shifting past
the sign bit and overflowing a signed integral type are both undefined
behaviors.
This commit switches to fixed values and restricts the `iv_len==11`
case to `INT_MAX`, as was already the case for all `iv_len<=10`.
PR-URL: https://github.com/nodejs/node/pull/21462
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Diffstat (limited to 'src')
-rw-r--r-- | src/node_crypto.cc | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/src/node_crypto.cc b/src/node_crypto.cc index 9b65386387..a8ffd70870 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -39,7 +39,6 @@ #include <errno.h> #include <limits.h> // INT_MAX -#include <math.h> #include <string.h> #include <algorithm> @@ -2800,13 +2799,11 @@ bool CipherBase::InitAuthenticated(const char* cipher_type, int iv_len, auth_tag_len_ = auth_tag_len; - // The message length is restricted to 2 ^ (8 * (15 - iv_len)) - 1 bytes. + // Restrict the message length to min(INT_MAX, 2^(8*(15-iv_len))-1) bytes. CHECK(iv_len >= 7 && iv_len <= 13); - if (iv_len >= static_cast<int>(15.5 - log2(INT_MAX + 1.) / 8)) { - max_message_size_ = (1 << (8 * (15 - iv_len))) - 1; - } else { - max_message_size_ = INT_MAX; - } + max_message_size_ = INT_MAX; + if (iv_len == 12) max_message_size_ = 16777215; + if (iv_len == 13) max_message_size_ = 65535; } else { CHECK_EQ(mode, EVP_CIPH_GCM_MODE); |