Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

length and null checks in en/decaps #364

Merged
merged 2 commits into from
Mar 4, 2024
Merged

Conversation

bencemali
Copy link
Contributor

The functions oqs_qs_kem_encaps_keyslot and oqs_qs_kem_decaps_keyslot are provided some buffers for the input and output parameters, with pointers to return the intended length of these buffers in case they are queried, or they hold the actual length of the provided buffers when it's not a query. These lengths are not passed on and they are not checked against the kem context. This could lead to over-writes or over-reads. Null pointers are also not handled properly.

@bencemali bencemali requested a review from baentsch as a code owner March 4, 2024 07:42
oqsprov/oqs_kem.c Outdated Show resolved Hide resolved
oqsprov/oqs_kem.c Outdated Show resolved Hide resolved
Copy link
Member

@baentsch baentsch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this good enhancement! Will wait before merge to give you time to decide whether to address the nits/single comments.

@bencemali
Copy link
Contributor Author

Thanks @baentsch, nice catch!

@baentsch
Copy link
Member

baentsch commented Mar 4, 2024

Thanks @baentsch, nice catch!

On my own sloppy code :-/ Thanks for the addition.

@baentsch baentsch merged commit fdc65c7 into open-quantum-safe:main Mar 4, 2024
26 checks passed
@baentsch
Copy link
Member

baentsch commented Mar 4, 2024

Thanks again for the contribution. Merged.

feventura pushed a commit to EntrustCorporation/oqs-provider that referenced this pull request Mar 13, 2024
* length and null checks in en/decaps

Signed-off-by: Felipe Ventura <felipe.ventura@entrust.com>
feventura pushed a commit to EntrustCorporation/oqs-provider that referenced this pull request Mar 16, 2024
* length and null checks in en/decaps

Signed-off-by: Felipe Ventura <felipe.ventura@entrust.com>
feventura pushed a commit to EntrustCorporation/oqs-provider that referenced this pull request Mar 17, 2024
* length and null checks in en/decaps

Signed-off-by: Felipe Ventura <felipe.ventura@entrust.com>
feventura pushed a commit to EntrustCorporation/oqs-provider that referenced this pull request Mar 17, 2024
* length and null checks in en/decaps

Signed-off-by: Felipe Ventura <felipe.ventura@entrust.com>
feventura pushed a commit to EntrustCorporation/oqs-provider that referenced this pull request Mar 17, 2024
* length and null checks in en/decaps

Signed-off-by: Felipe Ventura <felipe.ventura@entrust.com>
# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants