Undersized SipHash key leads to buffer out-of-bounds read #947

guidovranken · 2020-05-04T16:21:45Z

#include <seckey.h>
#include <siphash.h>

int main(void)
{
    const uint8_t key[3] = { 0 };
    ::CryptoPP::SipHash<2, 4, false> siphash(key, sizeof(key));
    return 0;
}

I think it would be more appropriate to throw an exception in this case?

noloader · 2020-05-04T16:52:01Z

Thanks @guidovranken.

Can you give Commit d6a5b7664bde a try?

diff --git a/siphash.h b/siphash.h
index 76dcccf6..4ffe1b50 100644
--- a/siphash.h
+++ b/siphash.h
@@ -148,7 +148,8 @@ public:
        /// \param key a byte array used to key the cipher
        /// \param length the size of the byte array, in bytes
        SipHash(const byte *key, unsigned int length)
-               {this->UncheckedSetKey(key, length, g_nullNameValuePairs);}
+               {this->ThrowIfInvalidKeyLength(length);
+                this->UncheckedSetKey(key, length, g_nullNameValuePairs);}
 };

 template <unsigned int C, unsigned int D, bool T_128bit>

guidovranken · 2020-05-04T16:59:19Z

Thank you, confirmed fixed.

noloader added a commit that referenced this issue May 4, 2020

Validate SipHash key length in ctor (GH #947)

d6a5b76

guidovranken closed this as completed May 4, 2020

noloader added the Bug label Dec 20, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Undersized SipHash key leads to buffer out-of-bounds read #947

Undersized SipHash key leads to buffer out-of-bounds read #947

guidovranken commented May 4, 2020

noloader commented May 4, 2020 •

edited

Loading

guidovranken commented May 4, 2020

Undersized SipHash key leads to buffer out-of-bounds read #947

Undersized SipHash key leads to buffer out-of-bounds read #947

Comments

guidovranken commented May 4, 2020

noloader commented May 4, 2020 • edited Loading

guidovranken commented May 4, 2020

noloader commented May 4, 2020 •

edited

Loading