[Cryptography] Bug in Signal - and what it says about, programming
David Kane-Parry
dkp at ldd.org
Fri Sep 16 15:42:52 EDT 2016
On Sep 16, 2016, at 10:35 AM, Vikas Kumar <vikas at vikaskumar.org> wrote:
>> Date: Thu, 15 Sep 2016 18:48:14 -0400
>> From: Jerry Leichter <leichter at lrw.com>
>>
>> http://arstechnica.com/security/2016/09/signal-fixes-bug-that-let-attackers-tamper-with-encrypted-messages/ (which has links to the actual release) describes a few recently-reported bugs in the Android version of Signal. They actually include the vulnerable line of code:
>>
>> int remainingData = (int) file.length() - mac.getMacLength();
>
> Instead the developer should have done this:
>
> ssize_t remainingData = file.length() - mac.getMacLength();
Except that if you had read the article, you would know that the vulnerable code was written in Java, not C.
From https://pwnaccelerator.github.io/2016/signal-part1.html …
"As seen above remainingData is of type int and calculated from the length of the file subtracted by the MAC length. Since file.length() will return a value of type long and files may be larger than Integer.MAX_VALUE, remainingData will wrap around."
- d.
More information about the cryptography
mailing list