jeff/NSspi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added length validation to the Decrypt and VerifySignature methods.

Browse Source
This commit is contained in:
antiduh
2014-07-01 01:20:08 +00:00
parent e86fea598d
commit f65ca7aaaa
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
NSspi/Contexts/Context.cs
View File

@@ -201,6 +201,10 @@ namespace NSspi.Contexts
paddingLength = ByteWriter.ReadInt16_BE( input, position ); paddingLength = ByteWriter.ReadInt16_BE( input, position );
position += 2; position += 2;
if ( trailerLength + dataLength + paddingLength + 2 + 4 + 2 > input.Length )
{
throw new ArgumentException( "The buffer contains invalid data - the embedded length data does not add up." );
}
trailerBuffer = new SecureBuffer( new byte[trailerLength], BufferType.Token ); trailerBuffer = new SecureBuffer( new byte[trailerLength], BufferType.Token );
dataBuffer = new SecureBuffer( new byte[dataLength], BufferType.Data ); dataBuffer = new SecureBuffer( new byte[dataLength], BufferType.Data );
@@ -351,6 +355,11 @@ namespace NSspi.Contexts
sigLen = ByteWriter.ReadInt16_BE( signedMessage, position ); sigLen = ByteWriter.ReadInt16_BE( signedMessage, position );
position += 2; position += 2;
if ( messageLen + sigLen + 2 + 4 > signedMessage.Length )
{
throw new ArgumentException( "The buffer contains invalid data - the embedded length data does not add up." );
}
dataBuffer = new SecureBuffer( new byte[messageLen], BufferType.Data ); dataBuffer = new SecureBuffer( new byte[messageLen], BufferType.Data );
Array.Copy( signedMessage, position, dataBuffer.Buffer, 0, messageLen ); Array.Copy( signedMessage, position, dataBuffer.Buffer, 0, messageLen );
position += messageLen; position += messageLen;