Bug 1033571

Summary: nettle: use size_t for sizes, protect computations
Product: Red Hat Enterprise Linux 7 Reporter: Florian Weimer <fweimer>
Component: nettleAssignee: Nikos Mavrogiannopoulos <nmavrogi>
Status: CLOSED WONTFIX QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: low Docs Contact:
Priority: low    
Version: 7.0CC: nmavrogi
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-12-13 16:01:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1033527    

Description Florian Weimer 2013-11-22 12:06:27 UTC 
buffer.h uses unsigned values for keeping track of allocated sizes.  This means that a call to nettle_buffer_grow could silently truncate a large argument of type size_t (on 64 bit systems), for example.

This issue also applies to nettle_realloc_func 

Furthermore, a size computation in nettle_buffer_grow can wrap around, failing to allocate additional buffer space:

  if (buffer->size + length > buffer->alloc)

There is another size computation in asn1_der_get_bignum which looks a bit suspicious as well.  If 8 * i->length wraps around, then the max_bits restriction is not necessarily enforced:

  if (max_bits && (8 * i->length > (16 + max_bits)))

This size computation in pgp_armor needs a guard against wraparound, too:

      unsigned text_size = BASE64_ENCODE_LENGTH(length)
	+ BASE64_ENCODE_FINAL_LENGTH;
Comment 2 Nikos Mavrogiannopoulos 2013-12-11 11:31:17 UTC 
This is fixed in nettle's master branch, at the cost of an ABI change. I don't think there is much we can do on that (except maintaining a local version of nettle). Nevertheless, I think the impact is minimal as I don't see the nettle's buffer.h to be used in the projects using nettle.