Bug 922780: NSC_DecryptUpdate should also check the input data length
authorWan-Teh Chang <wtc@google.com>
Tue, 01 Oct 2013 21:35:42 -0700
changeset 10859 dec241b62016119d86e88f80782534b4cae8d889
parent 10858 9695a2d56c4d0988d41fdb133f7786566938049d
child 10860 fc6df00517093e85d5e27da260ce7c9f7a4d458f
push id165
push userwtc@google.com
push dateWed, 02 Oct 2013 04:36:06 +0000
bugs922780
Bug 922780: NSC_DecryptUpdate should also check the input data length for block ciphers when the output buffer is provided. r=sleevi.
lib/softoken/pkcs11c.c
--- a/lib/softoken/pkcs11c.c
+++ b/lib/softoken/pkcs11c.c
@@ -1166,28 +1166,32 @@ CK_RV NSC_DecryptUpdate(CK_SESSION_HANDL
     crv = sftk_GetContext(hSession,&context,SFTK_DECRYPT,PR_TRUE,NULL);
     if (crv != CKR_OK) return crv;
 
     /* this can only happen on an NSS programming error */
     PORT_Assert((context->padDataLength == 0) 
 		|| context->padDataLength == context->blockSize);
 
 
+    if (context->doPad) {
+	/* Check the data length for block ciphers. If we are padding,
+	 * then we must be using a block cipher. In the non-padding case
+	 * the error will be returned by the underlying decryption
+	 * function when we do the actual decrypt. We need to do the
+	 * check here to avoid returning a negative length to the caller
+	 * or reading before the beginning of the pEncryptedPart buffer.
+ 	 */
+	if ((ulEncryptedPartLen == 0) ||
+	    (ulEncryptedPartLen % context->blockSize) != 0) {
+	    return CKR_ENCRYPTED_DATA_LEN_RANGE;
+	}
+    }
+
     if (!pPart) {
 	if (context->doPad) {
-	    /* we can check the data length here because if we are padding,
-	     * then we must be using a block cipher. In the non-padding case
-	     * the error will be returned by the underlying decryption
-	     * function when do do the actual decrypt. We need to do the
-	     * check here to avoid returning a negative length to the caller.
- 	     */
-	    if ((ulEncryptedPartLen == 0) ||
-		(ulEncryptedPartLen % context->blockSize) != 0) {
-		return CKR_ENCRYPTED_DATA_LEN_RANGE;
-	    }
 	    *pulPartLen = 
 		ulEncryptedPartLen + context->padDataLength - context->blockSize;
 	    return CKR_OK;
 	}
 	/* for stream ciphers there is are no constraints on ulEncryptedPartLen.
 	 * for block ciphers, it must be a multiple of blockSize. The error is
 	 * detected when this function is called again do decrypt the output.
 	 */
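Review bot: The relocated `ulEncryptedPartLen % context->blockSize` test inside `if (context->doPad)` now runs on every padded call, and nothing in the hunk shows that `context->blockSize` is non-zero there. Only the comment's "if we are padding, then we must be using a block cipher" rules out a zero modulus. The function already asserts a padding invariant just above, so stating this one as well is cheap: `PORT_Assert(context->blockSize != 0);` before the check. Since assertions are usually compiled out of release builds, adding `context->blockSize == 0 ||` to the condition is the stronger guard. Separately, the early `return CKR_ENCRYPTED_DATA_LEN_RANGE;` leaves the decrypt context untouched; whether a length error should end the operation under PKCS #11 depends on code outside this hunk and is worth confirming. NSC_DecryptUpdate begins before and continues after the hunk.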