fix stack trashing

Sergio R. Caprile 2024-07-03 14:44:51 -03:00
parent 5ad2b0531a
commit 00862344f7
2 changed files with 12 additions and 2 deletions


@ -9886,9 +9886,14 @@ static int mg_tls_recv_record(struct mg_connection *c) {
nonce[10] ^= (uint8_t) ((seq >> 8) & 255U); nonce[10] ^= (uint8_t) ((seq >> 8) & 255U);
nonce[11] ^= (uint8_t) ((seq) & 255U); nonce[11] ^= (uint8_t) ((seq) & 255U);
#if CHACHA20 #if CHACHA20
uint8_t dec[8192]; uint8_t *dec = (uint8_t *) malloc(msgsz);
if (dec == NULL) {
mg_error(c, "TLS OOM");
return -1;
}
size_t n = mg_chacha20_poly1305_decrypt(dec, key, nonce, msg, msgsz); size_t n = mg_chacha20_poly1305_decrypt(dec, key, nonce, msg, msgsz);
memmove(msg, dec, n); memmove(msg, dec, n);
free(dec);
#else #else
mg_aes_gcm_decrypt(msg, msg, msgsz - 16, key, 16, nonce, sizeof(nonce)); mg_aes_gcm_decrypt(msg, msg, msgsz - 16, key, 16, nonce, sizeof(nonce));
#endif #endif
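Review bot: The length `n` returned by `mg_chacha20_poly1305_decrypt` goes straight into `memmove(msg, dec, n)` without being compared with `msgsz`, the size of the newly allocated `dec`. If the routine can return a failure value or anything larger than `msgsz` (its contract is not visible in this hunk), the copy reads past the heap buffer and writes past the record in `msg`; a guard before the `memmove` such as `if (n > msgsz) { free(dec); mg_error(c, "TLS decrypt"); return -1; }` would bound it. The same lines appear in the second file section (`@ -456,9 +456,14`), so the guard belongs there too. `mg_tls_recv_record` starts and ends outside the hunk, so how `msgsz` is bounded against the record length cannot be checked from here.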


@ -456,9 +456,14 @@ static int mg_tls_recv_record(struct mg_connection *c) {
nonce[10] ^= (uint8_t) ((seq >> 8) & 255U); nonce[10] ^= (uint8_t) ((seq >> 8) & 255U);
nonce[11] ^= (uint8_t) ((seq) & 255U); nonce[11] ^= (uint8_t) ((seq) & 255U);
#if CHACHA20 #if CHACHA20
uint8_t dec[8192]; uint8_t *dec = (uint8_t *) malloc(msgsz);
if (dec == NULL) {
mg_error(c, "TLS OOM");
return -1;
}
size_t n = mg_chacha20_poly1305_decrypt(dec, key, nonce, msg, msgsz); size_t n = mg_chacha20_poly1305_decrypt(dec, key, nonce, msg, msgsz);
memmove(msg, dec, n); memmove(msg, dec, n);
free(dec);
#else #else
mg_aes_gcm_decrypt(msg, msg, msgsz - 16, key, 16, nonce, sizeof(nonce)); mg_aes_gcm_decrypt(msg, msg, msgsz - 16, key, 16, nonce, sizeof(nonce));
#endif #endif