Changeset 102297 in vbox

Timestamp:

Nov 24, 2023 4:32:03 PM (10 months ago)

Author:

vboxsync

Message:

IPRT/crypto/shacrypt: Better string length checks for RTCrShaCryptXXXToString(). bugref:10551

Location:

trunk

Files:

• include/iprt/crypto/shacrypt.h (modified) (2 diffs)
• src/VBox/Runtime/common/crypto/shacrypt.cpp (modified) (2 diffs)
• src/VBox/Runtime/testcase/tstRTShaCrypt.cpp (modified) (1 diff)
• src/VBox/Runtime/tools/RTMkPasswd.cpp (modified) (1 diff)

trunk/include/iprt/crypto/shacrypt.h

@@ -81 +81 @@
  * @param   cRounds             Number of rounds used for generating \a pabHash.
  * @param   pszString           Where to store the printable string on success.
- * @param   cbString            Size (in bytes) of \a pszString.
+ * @param   cchString           Size of \a pszString.
+ *                              Should be at least RTSHA256_DIGEST_LEN + 1 bytes.
  *
  * @note    This implements step 22 of SHA-crypt.txt Version: 0.6 2016-8-31.
  */
-RTR3DECL(int) RTCrShaCrypt256ToString(uint8_t abHash[RTSHA256_HASH_SIZE], const char *pszSalt, uint32_t cRounds, char *pszString, size_t cbString);
+RTR3DECL(int) RTCrShaCrypt256ToString(uint8_t abHash[RTSHA256_HASH_SIZE], const char *pszSalt, uint32_t cRounds, char *pszString, size_t cchString);
 
 
@@ -111 +112 @@
  * @param   cRounds             Number of rounds used for generating \a pabHash.
  * @param   pszString           Where to store the printable string on success.
- * @param   cbString            Size (in bytes) of \a pszString.
+ * @param   cchString           Size of \a pszString.
+ *                              Should be at least RTSHA512_DIGEST_LEN + 1 bytes.
  *
  * @note    This implements step 22 of SHA-crypt.txt Version: 0.6 2016-8-31.
  */
-RTR3DECL(int) RTCrShaCrypt512ToString(uint8_t abHash[RTSHA512_HASH_SIZE], const char *pszSalt, uint32_t cRounds, char *pszString, size_t cbString);
+RTR3DECL(int) RTCrShaCrypt512ToString(uint8_t abHash[RTSHA512_HASH_SIZE], const char *pszSalt, uint32_t cRounds, char *pszString, size_t cchString);
 
 /** @} */

trunk/src/VBox/Runtime/common/crypto/shacrypt.cpp

@@ -173 +173 @@
 
 RTR3DECL(int) RTCrShaCrypt256ToString(uint8_t abHash[RTSHA256_HASH_SIZE], const char *pszSalt, uint32_t cRounds,
-                                      char *pszString, size_t cbString)
+                                      char *pszString, size_t cchString)
 {
     AssertPtrReturn(pszSalt,   VERR_INVALID_POINTER);
     AssertReturn   (cRounds,   VERR_INVALID_PARAMETER);
-    AssertReturn   (cbString,  VERR_INVALID_PARAMETER);
+    AssertReturn   (cchString >= RTSHA256_DIGEST_LEN + 1, VERR_INVALID_PARAMETER);
     AssertPtrReturn(pszString, VERR_INVALID_POINTER);
 
     char  *psz = pszString;
-    size_t cch = cbString;
+    size_t cch = cchString;
 
     *psz = '\0';
+
+    size_t cchPrefix;
     if (cRounds == RT_SHACRYPT_DEFAULT_ROUNDS)
-        psz += RTStrPrintf2(psz, cch, "$5$%s$", pszSalt);
+        cchPrefix = RTStrPrintf2(psz, cchString, "$5$%s$", pszSalt);
     else
-        psz += RTStrPrintf2(psz, cch, "$5$rounds=%RU32$%s$", cRounds, pszSalt);
+        cchPrefix = RTStrPrintf2(psz, cchString, "$5$rounds=%RU32$%s$", cRounds, pszSalt);
+    AssertReturn(cchPrefix > 0, VERR_BUFFER_OVERFLOW);
+    AssertReturn(cch >= cchPrefix, VERR_BUFFER_OVERFLOW);
+    cch -= cchPrefix;
+    psz += cchPrefix;
+
+    /* Make sure that there is enough room to store the base64-encoded hash. */
+    AssertReturn(cch >= ((RTSHA256_HASH_SIZE / 3) * 4) + 1, VERR_BUFFER_OVERFLOW);
 
     static const char acBase64[64 + 1] =
@@ -347 +356 @@
 
 RTR3DECL(int) RTCrShaCrypt512ToString(uint8_t abHash[RTSHA512_HASH_SIZE], const char *pszSalt, uint32_t cRounds,
-                                      char *pszString, size_t cbString)
+                                      char *pszString, size_t cchString)
 {
     AssertPtrReturn(pszSalt,   VERR_INVALID_POINTER);
     AssertReturn   (cRounds,   VERR_INVALID_PARAMETER);
-    AssertReturn   (cbString,  VERR_INVALID_PARAMETER);
+    AssertReturn   (cchString >= RTSHA512_DIGEST_LEN + 1, VERR_INVALID_PARAMETER);
     AssertPtrReturn(pszString, VERR_INVALID_POINTER);
 
     char  *psz = pszString;
-    size_t cch = cbString;
-
-    *psz = '\0';
+    size_t cch = cchString;
+
+    size_t cchPrefix;
     if (cRounds == RT_SHACRYPT_DEFAULT_ROUNDS)
-        psz += RTStrPrintf2(psz, cch, "$6$%s$", pszSalt);
+        cchPrefix = RTStrPrintf2(psz, cchString, "$6$%s$", pszSalt);
     else
-        psz += RTStrPrintf2(psz, cch, "$6$rounds=%RU32$%s$", cRounds, pszSalt);
+        cchPrefix = RTStrPrintf2(psz, cchString, "$6$rounds=%RU32$%s$", cRounds, pszSalt);
+    AssertReturn(cchPrefix > 0, VERR_BUFFER_OVERFLOW);
+    AssertReturn(cch >= cchPrefix, VERR_BUFFER_OVERFLOW);
+    cch -= cchPrefix;
+    psz += cchPrefix;
+
+    /* Make sure that there is enough room to store the base64-encoded hash. */
+    AssertReturn(cch >= ((RTSHA512_HASH_SIZE / 3) * 4) + 1, VERR_BUFFER_OVERFLOW);
 
     static const char acBase64[64 + 1] =

trunk/src/VBox/Runtime/testcase/tstRTShaCrypt.cpp

@@ -227 +227 @@
             && g_aTests[i].pszResultStr)
         {
-            char szResult[RTSHA512_DIGEST_LEN];
+            char szResult[RTSHA512_DIGEST_LEN + 1];
 
             switch (enmType)

trunk/src/VBox/Runtime/tools/RTMkPasswd.cpp

@@ -177 +177 @@
 
     uint8_t abDigest[RTSHA512_HASH_SIZE];
-    char    szResult[RTSHA512_DIGEST_LEN];
+    char    szResult[RTSHA512_DIGEST_LEN + 1];
 
     switch (enmMethod)