Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 07:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

QUIC/decrypt_crypto: Fix decrypting into too small stack buffer

Browse source 
A QUIC initial packet larger than 1500 bytes could lead to crashes
due to the usage of a fixed size stack buffer for decryption.

Allocate the necessary memory dynamically on the heap instead.
This commit is contained in:
Arne Welzel 2024-12-11 12:50:37 +01:00 committed by Tim Wojtulewicz
parent 9a4791f9e9
commit 15511e0fb5
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/analyzer/protocol/quic/decrypt_crypto.cc
View file

@ -60,7 +60,6 @@ const size_t AEAD_IV_LEN = 12;
const size_t AEAD_HP_LEN = 16; const size_t AEAD_HP_LEN = 16;
const size_t AEAD_SAMPLE_LENGTH = 16; const size_t AEAD_SAMPLE_LENGTH = 16;
const size_t AEAD_TAG_LENGTH = 16; const size_t AEAD_TAG_LENGTH = 16;
const size_t MAXIMUM_PACKET_LENGTH = 1500;
const size_t MAXIMUM_PACKET_NUMBER_LENGTH = 4; const size_t MAXIMUM_PACKET_NUMBER_LENGTH = 4;
EVP_CIPHER_CTX* get_aes_128_ecb() { EVP_CIPHER_CTX* get_aes_128_ecb() {
@ -173,7 +172,8 @@ hilti::rt::Bytes decrypt(const std::vector<uint8_t>& client_key, const hilti::rt
const void* tag_to_check = all_data.data() + decryptInfo.unprotected_header.size() + encrypted_payload_size; const void* tag_to_check = all_data.data() + decryptInfo.unprotected_header.size() + encrypted_payload_size;
int tag_to_check_length = AEAD_TAG_LENGTH; int tag_to_check_length = AEAD_TAG_LENGTH;
std::array<uint8_t, MAXIMUM_PACKET_LENGTH> decrypt_buffer; // Allocate memory for decryption.
std::vector<uint8_t> decrypt_buffer(encrypted_payload_size);
// Setup context // Setup context
auto* ctx = get_aes_128_gcm(); auto* ctx = get_aes_128_gcm();