> I found a bug in function AES_cfbr_encrypt_block in openssl-0.9.7m.
> The bug is memory-reading out-of-bound. The following is the code of
> function AES_cfbr_encrypt_block, which is in file crypto/aes/aes_cfb.c
>
> 181         /* shift ovec left... */
> 182         rem = nbits%8;
> 183         num = nbits/8;
> 184         if(rem==0)
> 185                 memcpy(ivec,ovec+num,AES_BLOCK_SIZE);
> 186         else
> 187                 for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
> 188                         ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem);
> 189
> 190         /* it is not necessary to cleanse ovec, since the IV is not secret */
> 191 }
>
> If input-parameter nbits is 128, line 183 will set variable num to
> 16. In the for loop in line 187, when the induction-variable n increases to
> 15 (namely AES_BLOCK_SIZE-1), the program will still go to line 188. The
> expression "ovec[n+num+1]" will read ovec[32]. However, the size of array ovec
> is only 32 (line 166). So the memory-reading will be out-of-bound.
If nbits is 128, then rem is 0 and the loop in question is not executed.

A.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [EMAIL PROTECTED]
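To make the reply's point checkable, here is an added stand-alone C model of the shift step (not OpenSSL's own code; cfbr_shift_ivec, cfbr_shift_reference and cfbr_check_all are names chosen here). It reports the highest ovec index read for every nbits from 1 to 128, showing that nbits == 128 takes the memcpy branch and that the loop branch never indexes past ovec[31], and it cross-checks the byte-wise shift against a bit-level reference on constructed data.

```c
#include <string.h>
#define AES_BLOCK_SIZE 16

/* Model of the "shift ovec left by nbits" step that ends AES_cfbr_encrypt_block
 * (openssl-0.9.7m, crypto/aes/aes_cfb.c): ovec is the old IV followed by the
 * freshly encrypted block; the shifted result becomes the next IV.
 * Returns the highest ovec index read, or -1 when nbits is outside 1..128. */
int cfbr_shift_ivec(const unsigned char ovec[2 * AES_BLOCK_SIZE],
                    unsigned char ivec[AES_BLOCK_SIZE], int nbits)
{
    int rem, num, n;
    if (nbits <= 0 || nbits > 8 * AES_BLOCK_SIZE) return -1;
    rem = nbits % 8;
    num = nbits / 8;
    if (rem == 0) {     /* whole bytes; nbits == 128 lands here with num == 16 */
        memcpy(ivec, ovec + num, AES_BLOCK_SIZE);   /* reads ovec[num .. num+15] */
        return num + AES_BLOCK_SIZE - 1;
    }
    /* rem != 0 implies num <= 15, so n + num + 1 <= 31 stays inside ovec[32] */
    for (n = 0; n < AES_BLOCK_SIZE; ++n)
        ivec[n] = (unsigned char)((ovec[n + num] << rem) |
                                  (ovec[n + num + 1] >> (8 - rem)));
    return AES_BLOCK_SIZE + num;
}

/* Bit-level reference: bit i of out is bit (i + nbits) of ovec, MSB-first. */
static void cfbr_shift_reference(const unsigned char ovec[2 * AES_BLOCK_SIZE],
                                 unsigned char out[AES_BLOCK_SIZE], int nbits)
{
    int i;
    memset(out, 0, AES_BLOCK_SIZE);
    for (i = 0; i < 8 * AES_BLOCK_SIZE; ++i)
        out[i / 8] |= (unsigned char)(((ovec[(i + nbits) / 8] >> (7 - (i + nbits) % 8)) & 1) << (7 - i % 8));
}

/* Runs every nbits in 1..128 on constructed data. Returns the highest ovec
 * index any call read (31 is the last valid one), or -1 if the byte-wise
 * shift ever disagrees with the bit-level reference. */
int cfbr_check_all(void)
{
    unsigned char ovec[2 * AES_BLOCK_SIZE], a[AES_BLOCK_SIZE], b[AES_BLOCK_SIZE];
    int nbits, i, idx, worst = 0;
    for (i = 0; i < 2 * AES_BLOCK_SIZE; ++i)
        ovec[i] = (unsigned char)(i * 37 + 11);     /* constructed sample bytes */
    for (nbits = 1; nbits <= 8 * AES_BLOCK_SIZE; ++nbits) {
        idx = cfbr_shift_ivec(ovec, a, nbits);
        cfbr_shift_reference(ovec, b, nbits);
        if (memcmp(a, b, AES_BLOCK_SIZE) != 0) return -1;
        if (idx > worst) worst = idx;
    }
    return worst;
}
```

cfbr_check_all() returns 31 for all 128 values of nbits, so every read stays inside the 32-byte ovec and the byte-wise shift matches the bit-level definition.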
