terl / lazysodium-java

A Java implementation of the Libsodium crypto library. For the lazy dev.
https://github.com/terl/lazysodium-java/wiki
Mozilla Public License 2.0
135 stars 47 forks

Issue #64: Check buffer length to avoid segfaults #66

Closed erikvanzijst closed 4 years ago

erikvanzijst commented 4 years ago

To prevent a Java-level buffer length bug from taking out the entire JVM with a segfault, perform boundary checks on the length parameters that are passed on to libsodium.

For most use cases the buffer lengths are probably redundant, as we can just automatically pass `.length` from Java, removing the need for the caller to explicitly do so. The existence of the unsigned length parameters is primarily to identify the end of the buffer in C, a problem Java does not have.

This fixes issue #64
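The kind of check the PR description above refers to, as an added Java example that is not lazysodium's own code or part of this PR. `NativeHash`, `checkLength` and both `hash` wrappers are hypothetical names, and a pure-Java fake stands in for the JNA-mapped libsodium function so the example runs without the native library.

```java
import java.util.Arrays;

public class LengthCheckedCall {

    /** Hypothetical stand-in for a JNA-mapped function taking (buffer, length) pairs. */
    interface NativeHash {
        int hash(byte[] out, int outLen, byte[] in, long inLen);
    }

    /** Rejects any length that would make native code run past the end of the Java array. */
    static void checkLength(String name, byte[] buf, long len) {
        if (buf == null) {
            throw new IllegalArgumentException(name + " must not be null");
        }
        if (len < 0 || len > buf.length) {
            throw new IllegalArgumentException(
                name + " length " + len + " is outside 0.." + buf.length);
        }
    }

    /** Explicit-length variant: validate in Java before crossing into C. */
    static int hash(NativeHash lib, byte[] out, int outLen, byte[] in, long inLen) {
        checkLength("out", out, outLen);
        checkLength("in", in, inLen);
        return lib.hash(out, outLen, in, inLen);
    }

    /** Convenience variant: lengths come from the arrays, so they cannot disagree. */
    static int hash(NativeHash lib, byte[] out, byte[] in) {
        return hash(lib, out, out.length, in, in.length);
    }

    public static void main(String[] args) {
        // Pure-Java fake (assumption); real native code would touch memory
        // beyond the array instead of throwing a Java exception.
        NativeHash fake = (dst, dstLen, src, srcLen) -> {
            for (int i = 0; i < dstLen; i++) dst[i] = 0;
            for (int i = 0; i < srcLen; i++) dst[i % dstLen] ^= src[i];
            return 0;
        };
        byte[] in = {1, 2, 3, 4};   // constructed sample input
        byte[] out = new byte[2];
        System.out.println(hash(fake, out, in) + " " + Arrays.toString(out));
        try {
            hash(fake, out, out.length, in, 64);  // caller bug: 64 > in.length
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```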

gurpreet- commented 4 years ago

Whoops I should have merged this PR before I started work on my #65. If you can't fix your conflicts, I can help, let me know 🙂

erikvanzijst commented 4 years ago

> Whoops I should have merged this PR before I started work on my #65. If you can't fix your conflicts, I can help, let me know 🙂

No worries, I'll resolve it.

gurpreet- commented 4 years ago

Fantastic stuff, I cannot thank you enough!