Closed erikvanzijst closed 4 years ago
@erikvanzijst you're right, there does need to be some sort of checking going on especially in libraries that bind to C libraries. As you've found out, the result is very dangerous and results in a whole Java runtime going down.
Lazysodium's goals are to be as stress-free, cross-platform and functional as possible. I am not necessarily too concerned with performance, however I have designed it with JNA so it is indeed as performant too 🙂
Cool. Mind if I take a first stab at that?
Yeah sure, PRs are always welcome :)
Is this also something that should be reported upstream to libsodium? I don't know the details of this bug in particular, but memory corruption issues in general are a huge security risk.
I ran into issues where an application bug passed an invalid value (-1) for
inLen
tocryptoGenericHashUpdate(byte[] state, byte[] in, long inLen)
and since LazySodium passes this on to libsodium verbatim, it takes out the entire JVM with a segfault.Would you be open to a patch that adds bounds checking to array offset/length values? It seems an unnecessary risk for a Java level offset bug to crash the entire JVM.
I was think something to the effect of:
Should there be concerns around performance, we could also use
assert
so it could be disabled in production.