Bugs item #3603904, was opened at 2013-02-08 18:58
Message generated for change (Settings changed) made by 
You can respond by visiting: 

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: Yes
Submitted By: https://www.google.com/accounts ()
Assigned to: Nobody/Anonymous (nobody)
>Summary: potential encryption-based overflow

Initial Comment:
Hello, while performing an audit of vde2 
(https://bugs.launchpad.net/ubuntu/+source/vde2/+bug/776818) I found a bug; it 
may even be a security bug. If you decide this is a security issue, please 
contact the linux-distros security list to coordinate a release and request a 
CVE number. (See http://oss-security.openwall.org/wiki/mailing-lists/distros 
for details on using the linux-distros list. Note especially that [vs] is 
required in the Subject: header.)

data_encypt() encrypts the data from the src buffer and places it in the dst 
buffer. The OpenSSL documentation is clear that the destination buffer needs to 
be large enough to handle (inl + cipher_block_size - 1) bytes of output, 
however data_encrypt() and send_udp() do not enforce that the destination 
buffer is the necessary size larger than the source buffer. If this constraint 
is somehow enforced by coding convention, please annotate that convention at 
the call site and data declaration sites.



You can respond by visiting: 

Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013 
and get the hardware for free! Learn more.
vde-users mailing list

Reply via email to