aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2016-11-28 05:31:02 -0500
committerJack Lloyd <[email protected]>2016-11-28 05:31:02 -0500
commit987ad747db6d0d7e36f840398f3cf02e2fbfd90f (patch)
treee01b3845dc61e7f96bd00b3c73443576dabbb23e
parent71406354a1ec7c2021b92e051ede72fe0466639a (diff)
parent06a93345fb715dfaefbdb5774ec66eff46fdfaa3 (diff)
Fix BER decoder integer overflow
-rw-r--r--doc/security.rst11
-rw-r--r--src/lib/asn1/ber_dec.cpp5
-rw-r--r--src/lib/utils/info.txt3
-rw-r--r--src/lib/utils/safeint.h39
4 files changed, 55 insertions, 3 deletions
diff --git a/doc/security.rst b/doc/security.rst
index faefca7d5..151c279f6 100644
--- a/doc/security.rst
+++ b/doc/security.rst
@@ -21,7 +21,16 @@ Advisories
2016
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-* 2016-10-8871 (CVE-2016-8871) OAEP side channel
+* 2016-11-27 (CVE-2016-xxxx) Integer overflow in BER decoder
+
+ While decoding BER length fields, an integer overflow could occur. This could
+ occur while parsing untrusted inputs such as X.509 certificates. The overflow
+ does not seem to lead to any obviously exploitable condition, but exploitation
+ cannot be positively ruled out. Only 32-bit platforms are likely affected; to
+ cause an overflow on 64-bit the parsed data would have to be many gigabytes.
+ Bug found by Falko Strenzke, cryptosource GmbH.
+
+* 2016-10-26 (CVE-2016-8871) OAEP side channel
A side channel in OAEP decoding could be used to distinguish RSA ciphertexts
that did or did not have a leading 0 byte. For an attacker capable of
diff --git a/src/lib/asn1/ber_dec.cpp b/src/lib/asn1/ber_dec.cpp
index ac676cd08..81c04aa6a 100644
--- a/src/lib/asn1/ber_dec.cpp
+++ b/src/lib/asn1/ber_dec.cpp
@@ -9,6 +9,7 @@
#include <botan/ber_dec.h>
#include <botan/bigint.h>
#include <botan/loadstor.h>
+#include <botan/internal/safeint.h>
namespace Botan {
@@ -126,7 +127,9 @@ size_t find_eoc(DataSource* ber)
size_t item_size = decode_length(&source, length_size);
source.discard_next(item_size);
- length += item_size + length_size + tag_size;
+ length = BOTAN_CHECKED_ADD(length, item_size);
+ length = BOTAN_CHECKED_ADD(length, tag_size);
+ length = BOTAN_CHECKED_ADD(length, length_size);
if(type_tag == EOC && class_tag == UNIVERSAL)
break;
diff --git a/src/lib/utils/info.txt b/src/lib/utils/info.txt
index 820dd407d..306e6e9ad 100644
--- a/src/lib/utils/info.txt
+++ b/src/lib/utils/info.txt
@@ -1,4 +1,4 @@
-define UTIL_FUNCTIONS 20150919
+define UTIL_FUNCTIONS 20161127
load_on always
@@ -31,6 +31,7 @@ filesystem.h
os_utils.h
prefetch.h
rounding.h
+safeint.h
semaphore.h
stl_util.h
</header:internal>
diff --git a/src/lib/utils/safeint.h b/src/lib/utils/safeint.h
new file mode 100644
index 000000000..e0bd66232
--- /dev/null
+++ b/src/lib/utils/safeint.h
@@ -0,0 +1,39 @@
+/*
+* Safe(r) Integer Handling
+* (C) 2016 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#ifndef BOTAN_UTILS_SAFE_INT_H__
+#define BOTAN_UTILS_SAFE_INT_H__
+
+#include <botan/exceptn.h>
+#include <string>
+
+namespace Botan {
+
+class Integer_Overflow_Detected : public Exception
+ {
+ public:
+ Integer_Overflow_Detected(const std::string& file, int line) :
+ Exception("Integer overflow detected at " + file + ":" + std::to_string(line))
+ {}
+ };
+
+inline size_t checked_add(size_t x, size_t y, const char* file, int line)
+ {
+ // TODO: use __builtin_x_overflow on GCC and Clang
+ size_t z = x + y;
+ if(z < x)
+ {
+ throw Integer_Overflow_Detected(file, line);
+ }
+ return z;
+ }
+
+#define BOTAN_CHECKED_ADD(x,y) checked_add(x,y,__FILE__,__LINE__)
+
+}
+
+#endif