From: Richard Levitte Date: Fri, 4 Nov 2016 13:21:46 +0000 (+0100) Subject: chacha20/poly1305: make sure to clear the buffer at correct position X-Git-Tag: OpenSSL_1_1_1-pre1~3111 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=bf52165bda53524a267c784696bd074111a2f178;p=oweals%2Fopenssl.git chacha20/poly1305: make sure to clear the buffer at correct position The offset to the memory to clear was incorrect, causing a heap buffer overflow. CVE-2016-7054 Thanks to Robert Święcki for reporting this Reviewed-by: Rich Salz --- diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c index cf4097ba5d..952bd3fca7 100644 --- a/crypto/evp/e_chacha20_poly1305.c +++ b/crypto/evp/e_chacha20_poly1305.c @@ -299,7 +299,7 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, memcpy(out, actx->tag, POLY1305_BLOCK_SIZE); } else { if (CRYPTO_memcmp(temp, in, POLY1305_BLOCK_SIZE)) { - memset(out, 0, plen); + memset(out - plen, 0, plen); return -1; } }