rsa: Enable use of zero-length null output Enable handling of zero-length null output in PKCS1 v1.5 decryption. Prevent undefined behavior by avoiding a memcpy() to zero-length null output buffers.

commit: 6f7703df3a847aea97e362603e5e6f68d2192b7d [log] [tgz]
author: Jaeden Amero <jaeden.amero@arm.com> Wed Feb 06 10:44:56 2019 +0000
committer: Andrzej Kurek <andrzej.kurek@mobica.com> Mon Feb 11 03:39:51 2019 -0500
tree: 0d95ff86ddb9e6bd3f47c74274ea6f2266cc11a8
parent: 004f87b98dd9e5fb685d46b7212f6ca1c82648b3 [diff] [blame]
diff --git a/library/rsa.c b/library/rsa.c
index c8244d3..a35af44 100644
--- a/library/rsa.c
+++ b/library/rsa.c

@@ -1696,9 +1696,15 @@
                       plaintext_max_size,
                       plaintext_max_size - plaintext_size );
 
-    /* Finally copy the decrypted plaintext plus trailing zeros
-     * into the output buffer. */
-    memcpy( output, buf + ilen - plaintext_max_size, plaintext_max_size );
+    /* Finally copy the decrypted plaintext plus trailing zeros into the output
+     * buffer. If output_max_len is 0, then output may be an invalid pointer
+     * and the result of memcpy() would be undefined; prevent undefined
+     * behavior making sure to depend only on output_max_len (the size of the
+     * user-provided output buffer), which is independent from plaintext
+     * length, validity of padding, success of the decryption, and other
+     * secrets. */
+    if( output_max_len != 0 )
+        memcpy( output, buf + ilen - plaintext_max_size, plaintext_max_size );
 
     /* Report the amount of data we copied to the output buffer. In case
      * of errors (bad padding or output too large), the value of *olen
commit	6f7703df3a847aea97e362603e5e6f68d2192b7d	[log] [tgz]
author	Jaeden Amero <jaeden.amero@arm.com>	Wed Feb 06 10:44:56 2019 +0000
committer	Andrzej Kurek <andrzej.kurek@mobica.com>	Mon Feb 11 03:39:51 2019 -0500
tree	0d95ff86ddb9e6bd3f47c74274ea6f2266cc11a8
parent	004f87b98dd9e5fb685d46b7212f6ca1c82648b3 [diff] [blame]