Fixed integer overflow in AuthenticatedEncryptionProvider.cs (#3063)
An overflow in the arithmetic expression authenticatedData.Length * 8, evaluated as int (32-bit, signed), can occur before the result is cast to the wider type long (64-bit, signed).
gparametr authored Jan 8, 2025
1 parent ead4201 commit 36ec5c0
Showing 1 changed file with 2 additions and 2 deletions.
@@ -152,7 +152,7 @@ private AuthenticatedEncryptionResult EncryptWithAesCbc(byte[] plaintext, byte[]
throw LogHelper.LogExceptionMessage(new SecurityTokenEncryptionFailedException(LogHelper.FormatInvariant(LogMessages.IDX10654, ex)));
}

byte[] al = Utility.ConvertToBigEndian(authenticatedData.Length * 8);
byte[] al = Utility.ConvertToBigEndian(authenticatedData.Length * 8L);
byte[] macBytes = new byte[authenticatedData.Length + aes.IV.Length + ciphertext.Length + al.Length];
Array.Copy(authenticatedData, 0, macBytes, 0, authenticatedData.Length);
Array.Copy(aes.IV, 0, macBytes, authenticatedData.Length, aes.IV.Length);
@@ -173,7 +173,7 @@ private byte[] DecryptWithAesCbc(byte[] ciphertext, byte[] authenticatedData, by
throw LogHelper.LogExceptionMessage(new SecurityTokenDecryptionFailedException(
LogHelper.FormatInvariant(LogMessages.IDX10625, authenticationTag.Length, expectedTagLength, Base64UrlEncoder.Encode(authenticationTag), Algorithm)));

byte[] al = Utility.ConvertToBigEndian(authenticatedData.Length * 8);
byte[] al = Utility.ConvertToBigEndian(authenticatedData.Length * 8L);
byte[] macBytes = new byte[authenticatedData.Length + iv.Length + ciphertext.Length + al.Length];
Array.Copy(authenticatedData, 0, macBytes, 0, authenticatedData.Length);
Array.Copy(iv, 0, macBytes, authenticatedData.Length, iv.Length);
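Review bot: The buffer-size sum on the line after each changed statement (`authenticatedData.Length + aes.IV.Length + ciphertext.Length + al.Length` in EncryptWithAesCbc, and the `iv.Length` variant in DecryptWithAesCbc) is still 32-bit int arithmetic, so the wraparound this commit fixes for `al` can still happen there for very large inputs. In managed code that should end in an exception from the allocation or from Array.Copy rather than in memory corruption, but it bypasses the SecurityTokenEncryptionFailedException / SecurityTokenDecryptionFailedException path used just above in each hunk. Writing the allocation as `new byte[checked(authenticatedData.Length + aes.IV.Length + ciphertext.Length + al.Length)]` would at least make the failure deterministic. A short comment on the changed line, such as `// AL: AAD length in bits as a 64-bit big-endian value (RFC 7518 5.2.2.1); 8L keeps the multiply in long`, would keep the suffix from being "simplified" away later. Both method bodies start and end outside the hunks shown, and the parameter type of Utility.ConvertToBigEndian is not visible here, so confirm it takes a long.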
