extern/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2024-11-21 23:53:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix slice bounds out of range in msg decryption (#768)

Browse Source
This commit is contained in:
Zoltan Papp 2023-03-29 10:40:31 +02:00 committed by GitHub
parent 8ebd6ce963
commit ab0cf1b8aa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
encryption/encryption.go
View File

@ -3,10 +3,13 @@ package encryption
import ( import (
"crypto/rand" "crypto/rand"
"fmt" "fmt"
"golang.org/x/crypto/nacl/box" "golang.org/x/crypto/nacl/box"
"golang.zx2c4.com/wireguard/wgctrl/wgtypes" "golang.zx2c4.com/wireguard/wgctrl/wgtypes"
) )
const nonceSize = 24
// A set of tools to encrypt/decrypt messages being sent through the Signal Exchange Service or Management Service // A set of tools to encrypt/decrypt messages being sent through the Signal Exchange Service or Management Service
// These tools use Golang crypto package (Curve25519, XSalsa20 and Poly1305 to encrypt and authenticate) // These tools use Golang crypto package (Curve25519, XSalsa20 and Poly1305 to encrypt and authenticate)
// Wireguard keys are used for encryption // Wireguard keys are used for encryption
@ -26,8 +29,11 @@ func Decrypt(encryptedMsg []byte, peerPublicKey wgtypes.Key, privateKey wgtypes.
if err != nil { if err != nil {
return nil, err return nil, err
} }
copy(nonce[:], encryptedMsg[:24]) if len(encryptedMsg) < nonceSize {
opened, ok := box.Open(nil, encryptedMsg[24:], nonce, toByte32(peerPublicKey), toByte32(privateKey)) return nil, fmt.Errorf("invalid encrypted message lenght")
}
copy(nonce[:], encryptedMsg[:nonceSize])
opened, ok := box.Open(nil, encryptedMsg[nonceSize:], nonce, toByte32(peerPublicKey), toByte32(privateKey))
if !ok { if !ok {
return nil, fmt.Errorf("failed to decrypt message from peer %s", peerPublicKey.String()) return nil, fmt.Errorf("failed to decrypt message from peer %s", peerPublicKey.String())
} }
@ -36,8 +42,8 @@ func Decrypt(encryptedMsg []byte, peerPublicKey wgtypes.Key, privateKey wgtypes.
} }
// Generates nonce of size 24 // Generates nonce of size 24
func genNonce() (*[24]byte, error) { func genNonce() (*[nonceSize]byte, error) {
var nonce [24]byte var nonce [nonceSize]byte
if _, err := rand.Read(nonce[:]); err != nil { if _, err := rand.Read(nonce[:]); err != nil {
return nil, err return nil, err
} }