Fix buffer overrun in gettag for GCM
authorPeter Wu <peter@lekensteyn.nl>
Wed, 23 Mar 2016 02:45:20 +0000 (03:45 +0100)
committerWerner Koch <wk@gnupg.org>
Wed, 23 Mar 2016 10:02:11 +0000 (11:02 +0100)
commitd3d7bdf8215275b3b20690dfde3f43dbe25b6f85
tree079a979c7cd0e1dd7f3c1562f2ab9c12e9e403e1
parentd328095dd4de83b839d9d8c4bdbeec0956971016
Fix buffer overrun in gettag for GCM

* cipher/cipher-gcm.c: copy a fixed length instead of the user-supplied
  number.
--

The outbuflen is used to check the minimum size, the real tag is always
of fixed length.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Actually this is not a buffer overrun because we copy not more than
has been allocated for OUTBUF.  However a too long OUTBUFLEN accesses
data outside of the source buffer.  -wk
cipher/cipher-gcm.c