From 15511e0fb5d694b803755ee0cbb48e11d43df753 Mon Sep 17 00:00:00 2001 From: Arne Welzel Date: Wed, 11 Dec 2024 12:50:37 +0100 Subject: [PATCH] QUIC/decrypt_crypto: Fix decrypting into too small stack buffer A QUIC initial packet larger than 1500 bytes could lead to crashes due to the usage of a fixed size stack buffer for decryption. Allocate the necessary memory dynamically on the heap instead. --- src/analyzer/protocol/quic/decrypt_crypto.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/analyzer/protocol/quic/decrypt_crypto.cc b/src/analyzer/protocol/quic/decrypt_crypto.cc index d38bc4154f..693f77fdcc 100644 --- a/src/analyzer/protocol/quic/decrypt_crypto.cc +++ b/src/analyzer/protocol/quic/decrypt_crypto.cc @@ -60,7 +60,6 @@ const size_t AEAD_IV_LEN = 12; const size_t AEAD_HP_LEN = 16; const size_t AEAD_SAMPLE_LENGTH = 16; const size_t AEAD_TAG_LENGTH = 16; -const size_t MAXIMUM_PACKET_LENGTH = 1500; const size_t MAXIMUM_PACKET_NUMBER_LENGTH = 4; EVP_CIPHER_CTX* get_aes_128_ecb() { @@ -173,7 +172,8 @@ hilti::rt::Bytes decrypt(const std::vector& client_key, const hilti::rt const void* tag_to_check = all_data.data() + decryptInfo.unprotected_header.size() + encrypted_payload_size; int tag_to_check_length = AEAD_TAG_LENGTH; - std::array decrypt_buffer; + // Allocate memory for decryption. + std::vector decrypt_buffer(encrypted_payload_size); // Setup context auto* ctx = get_aes_128_gcm();