open-vault/sdk/helper/kdf
Alexander Scheel 3bad83f76f
Prevent CWE-190/AllocationSizeOverflow in KDF (#13237)
In the Counter-mode KBKDF implementation, due to the nature of the PRF
(being implemented as a function rather than a hash.Hash instance), we
need to allocate a buffer capable of storing the entire input to the
PRF. This consists of the user-supplied context with 8 additional bytes
(4 before and 4 after) of encoded integers.

If the user supplies a maximally-sized context, the internally allocated
buffer's size computation will overflow, resulting in a runtime panic.
Guard against this condition.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2021-11-22 12:25:50 -05:00
kdf.go Prevent CWE-190/AllocationSizeOverflow in KDF (#13237) 2021-11-22 12:25:50 -05:00
kdf_test.go Run a more strict formatter over the code (#11312) 2021-04-08 09:43:39 -07:00