mirror of
https://github.com/haproxy/haproxy.git
synced 2026-05-27 03:33:36 -04:00
CLEANUP: jwe: fix theoretical overflow in AAD length calculation
The expression items[JWE_ELT_JOSE].length << 3 performs the shift on an unsigned int (32-bit) before being cast to uint64_t instead of after. This means that we don't cover for a possible overflow (which would never happen as it would need a header length beyond 512MB). At least fixing it will avoid code check reports.
parent
d4a4be6c34
commit
29b9da7821
1 changed files with 1 additions and 1 deletions
|
|
@ -448,7 +448,7 @@ static int build_and_check_tag(jwe_enc enc, struct jwt_item items[JWE_ELT_MAX],
|
|||
int retval = 1;
|
||||
const EVP_MD *hash = NULL;
|
||||
int mac_key_len = 0;
|
||||
uint64_t aad_len = my_htonll(items[JWE_ELT_JOSE].length << 3);
|
||||
uint64_t aad_len = my_htonll((uint64_t)items[JWE_ELT_JOSE].length << 3);
|
||||
|
||||
struct buffer *tag_data = alloc_trash_chunk();
|
||||
struct buffer *hmac = alloc_trash_chunk();
|
||||
|
|
|
|||
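Review bot: The changed `aad_len` declaration would benefit from a one-line comment stating that the variable holds the JOSE header length in bits (the `<< 3`) after it has been passed through `my_htonll()`, not a host-order byte count, since the name alone reads as a plain length and a later reader could use it as a size. The cast itself is placed correctly: it applies to `items[JWE_ELT_JOSE].length` before the shift, so the multiplication by 8 is carried out in 64 bits as the commit message intends.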