Fatal malloc error when AEAD ciphertext is invalid

[wyager]

: ghci
GHCi, version 8.0.2: http://www.haskell.org/ghc/  :? for help
Loaded GHCi configuration from /Users/williamyager/.ghci
> import Crypto.Saltine.Core.AEAD
> (\k n -> aeadOpen k n "a" "b") <$> newKey <*> newNonce
*** Exception: malloc: resource exhausted (out of memory)

Invalid AAD seems fine. Invalid ciphertext causes this error.

Looks like this happens when the ciphertext is too short.

My guess: There's a subtraction on ssize_ts/Words that is unchecked and underflows if the provided "ciphertext" is less than the padding length.

[wyager]

https://github.com/tel/saltine/blob/ad74ea6a5322fd1b0880eb808b7618bab9a3a704/src/Crypto/Saltine/Core/AEAD.hs#L123

[wyager]

Arguably a problem with https://hackage.haskell.org/package/base-4.10.1.0/docs/src/Foreign.Marshal.Alloc.html#mallocBytes

It doesn't complain on negative Ints.

Should definitely also be checked here, however.

[linearray]

Thanks for reporting this. Can you provide a patch? I am working two projects at the moment, so it would take me some time to address this.

[wyager]

Apologies for the delay - forgot about this for some time.

Based on a quick grep through the code, I suspect I got all the problem cases.

[linearray]

Thank you very much!