ndn_lite_default_hmac_load_key buffer overflow

named-data-iot / ndn-lite

A lightweight NDN protocol stack with high-level application support including security bootstrapping, access control, trust management, etc.

https://ndn-lite.named-data.net

GNU Lesser General Public License v3.0

44 stars 16 forks source link

ndn_lite_default_hmac_load_key buffer overflow #13

Closed yoursunny closed 5 years ago

yoursunny commented 5 years ago

As of a4dcb80458dff521ac8767b0e0067c1e14fab98d, ndn_lite_default_hmac_load_key function invokes:

memcpy(hmac_key->key_value, key_value, key_size);

hmac_key->key_value is a 32-byte fixed size buffer. key_size comes from user and is unverified. Therefore, an attacker can trigger a buffer overflow using this function.

Recommendation is to use memcpy_s instead of manual checking and memcpy, if C11 is allowed (see #12).

Zhiyi-Zhang commented 5 years ago

Commit 2441f34 will fix the issue. Whether to use C11 requires more discussion. Do you have some suggestions?