From: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat, 19 Dec 2009 22:23:25 +0000 (+0100)
Subject: Do not use hardcoded cipher block length when padding.
X-Git-Tag: release-1.1pre1~86
X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=commitdiff_plain;h=36261650024ba8e18f9c77396f1d7a4e51f20602

Do not use hardcoded cipher block length when padding.
---

diff --git a/src/gcrypt/cipher.c b/src/gcrypt/cipher.c
index ad2a9505..6a2cc5a1 100644
--- a/src/gcrypt/cipher.c
+++ b/src/gcrypt/cipher.c
@@ -196,7 +196,13 @@ bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *ou
 		if(!oneshot)
 			return false;
 
-		size_t reqlen = ((inlen + 8) / cipher->blklen) * cipher->blklen;
+		size_t reqlen = ((inlen + cipher->blklen) / cipher->blklen) * cipher->blklen;
+
+		if(*outlen < reqlen) {
+			logger(LOG_ERR, "Error while encrypting: not enough room for padding");
+			return false;
+		}
+
 		uint8_t padbyte = reqlen - inlen;
 		inlen = reqlen - cipher->blklen;
 
@@ -259,7 +265,8 @@ bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *ou
 			}
 
 		*outlen = origlen;
-	}
+	} else
+		*outlen = inlen;
 
 	return true;
 }