From a6021a2f29745a99697de3d50ca8386e228e6305 Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Thu, 9 Jan 2020 19:16:58 +0000 Subject: [PATCH] testcrypt: fix the rsa_ssh1_encrypt wrapper. It wasn't expanding the output strbuf to the full size of the key modulus, so the output delivered to Python was only a part of the mpint it should have been. (Also, that was logically speaking a buffer overrun - we were writing to the strbuf buffer beyond its length - although in practice I think the _physical_ size of the buffer was large enough not to show it up even under ASan. In any case, a buffer overrun only in the test suite, and in a function I hadn't even got round to testing, is about the best place to have one.) While I'm here, I've also changed the way that the testcrypt wrapper on rsa_ssh1_encrypt indicates failure: now we have the 'opt_' mechanism, it can do that by returning None rather than "". --- testcrypt.c | 10 +++++++--- testcrypt.h | 2 +- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/testcrypt.c b/testcrypt.c index 8fd51d2d..37eb6869 100644 --- a/testcrypt.c +++ b/testcrypt.c @@ -512,6 +512,7 @@ static void return_val_string_asciz(strbuf *out, char *s) return_##type_name(out, ptr); \ } +NULLABLE_RETURN_WRAPPER(val_string, strbuf *) NULLABLE_RETURN_WRAPPER(val_string_asciz, char *) NULLABLE_RETURN_WRAPPER(val_cipher, ssh_cipher *) NULLABLE_RETURN_WRAPPER(val_hash, ssh_hash *) @@ -751,11 +752,14 @@ static RSAKey *rsa_new(void) strbuf *rsa_ssh1_encrypt_wrapper(ptrlen input, RSAKey *key) { /* Fold the boolean return value in C into the string return value - * for this purpose, by returning the empty string on failure */ + * for this purpose, by returning NULL on failure */ strbuf *sb = strbuf_new(); put_datapl(sb, input); - if (!rsa_ssh1_encrypt(sb->u, sb->len, key)) - sb->len = 0; + put_padding(sb, key->bytes - input.len, 0); + if (!rsa_ssh1_encrypt(sb->u, input.len, key)) { + strbuf_free(sb); + return NULL; + } return sb; } #define rsa_ssh1_encrypt rsa_ssh1_encrypt_wrapper diff --git a/testcrypt.h b/testcrypt.h index 61a8e538..ded05d48 100644 --- a/testcrypt.h +++ b/testcrypt.h @@ -207,7 +207,7 @@ FUNC1(val_rsakex, get_rsa_ssh1_priv_agent, val_string_binarysource) FUNC0(val_rsa, rsa_new) FUNC3(void, get_rsa_ssh1_pub, val_string_binarysource, val_rsa, rsaorder) FUNC2(void, get_rsa_ssh1_priv, val_string_binarysource, val_rsa) -FUNC2(val_string, rsa_ssh1_encrypt, val_string_ptrlen, val_rsa) +FUNC2(opt_val_string, rsa_ssh1_encrypt, val_string_ptrlen, val_rsa) FUNC2(val_mpint, rsa_ssh1_decrypt, val_mpint, val_rsa) FUNC2(val_string, rsa_ssh1_decrypt_pkcs1, val_mpint, val_rsa) FUNC1(val_string_asciz, rsastr_fmt, val_rsa)