/pidgin/main: 8564519d01c0: Don't pass incorrectly sized blocks ...
Andrew Victor
andrew.victor at mxit.com
Tue Dec 18 10:51:13 EST 2012
Changeset: 8564519d01c0a370d513b2eaa487a0d95cf9e2fc
Author: Andrew Victor <andrew.victor at mxit.com>
Date: 2012-12-18 17:31 +0200
Branch: default
URL: http://hg.pidgin.im/pidgin/main/rev/8564519d01c0
Description:
Don't pass incorrectly sized blocks of encrypted data to the AES library.
diffstat:
libpurple/protocols/mxit/cipher.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diffs (14 lines):
diff --git a/libpurple/protocols/mxit/cipher.c b/libpurple/protocols/mxit/cipher.c
--- a/libpurple/protocols/mxit/cipher.c
+++ b/libpurple/protocols/mxit/cipher.c
@@ -163,6 +163,10 @@ char* mxit_decrypt_message( struct MXitS
/* base64 decode the message */
raw_message = purple_base64_decode( message, &raw_len );
+ /* AES-encrypted data is always blocks of 16 bytes */
+ if ( ( raw_len == 0 ) || ( raw_len % 16 != 0 ) )
+ return NULL;
+
/* build the AES key */
ExpandKey( (unsigned char*) transport_layer_key( session ), (unsigned char*) exkey );
More information about the Commits
mailing list