[botan-devel] Possible Bug in PKCS#7 padding

Tarik Guelzim guelzimtr at gmail.com
Mon Apr 23 13:25:30 EDT 2012


Hello,

I have a question regarding this code in "
src/filters/modes/mode_pad/mode_pad.cpp"

The for loop looks like it shouldn't start from '0' otherwise the entire
block is erased with the "pad_value" value.


00022 /*00023 * Pad with PKCS #7 Method00024 */00025
<http://botan.randombit.net/doxygen/classBotan_1_1PKCS7__Padding.html#affba3107036108263906e0e704c02143>
void PKCS7_Padding::pad
<http://botan.randombit.net/doxygen/classBotan_1_1PKCS7__Padding.html#affba3107036108263906e0e704c02143>(byte
<http://botan.randombit.net/doxygen/namespaceBotan.html#a7d793989d801281df48c6b19616b8b84>
block[], size_t size, size_t position) const00026    {00027    const
size_t bytes_remaining = size - position;00028    const byte
<http://botan.randombit.net/doxygen/namespaceBotan.html#a7d793989d801281df48c6b19616b8b84>
pad_value = static_cast<byte
<http://botan.randombit.net/doxygen/namespaceBotan.html#a7d793989d801281df48c6b19616b8b84>>(bytes_remaining);00029
00030    BOTAN_ASSERT_EQUAL
<http://botan.randombit.net/doxygen/assert_8h.html#a8bba1994be04468a4293aa1c6d4a2860>(pad_value,
bytes_remaining,00031                       "Overflow in
PKCS7_Padding");00032 00033    for(size_t j = 0; j != size; ++j)00034
     block[j] = pad_value;00035    }


---

*Tarik Guelzim*
http://tarikguelzim.wordpress.com
http://www.linkedin.com/in/tarikguelzim
https://twitter.com/#!/tarikguelzim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/botan-devel/attachments/20120423/b4a5c694/attachment.html>


More information about the botan-devel mailing list