[Cryptography] Bug in Signal - and what it says about, programming

David Kane-Parry dkp at ldd.org
Fri Sep 16 15:42:52 EDT 2016


On Sep 16, 2016, at 10:35 AM, Vikas Kumar <vikas at vikaskumar.org> wrote:

>> Date: Thu, 15 Sep 2016 18:48:14 -0400
>> From: Jerry Leichter <leichter at lrw.com>
>> 
>> http://arstechnica.com/security/2016/09/signal-fixes-bug-that-let-attackers-tamper-with-encrypted-messages/ (which has links to the actual release) describes a few recently-reported bugs in the Android version of Signal.  They actually include the vulnerable line of code:
>> 
>> int remainingData = (int) file.length() - mac.getMacLength();
> 
> Instead the developer should have done this:
> 
> ssize_t remainingData = file.length() - mac.getMacLength();

Except that if you had read the article, you would know that the vulnerable code was written in Java, not C.

From https://pwnaccelerator.github.io/2016/signal-part1.html …

"As seen above remainingData is of type int and calculated from the length of the file subtracted by the MAC length. Since file.length() will return a value of type long and files may be larger than Integer.MAX_VALUE, remainingData will wrap around."

- d.
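
An added example, not part of the original message and not Signal's code: the quoted Java expression casts the `long` length to `int` before subtracting, shown here next to a variant that keeps the arithmetic in `long`. The class name, method names, the 32-byte `MAC_LENGTH` and the sample lengths are constructed for illustration.

```java
public class MacLengthNarrowing {
    // Constructed stand-in for mac.getMacLength(); 32 bytes is an assumption.
    static final int MAC_LENGTH = 32;

    // Same shape as the quoted line: the cast binds to the length first,
    // discarding the high 32 bits of the long before the subtraction runs.
    static int remainingDataNarrowed(long fileLength) {
        return (int) fileLength - MAC_LENGTH;
    }

    // Arithmetic stays in long, and a file too short to hold a MAC is rejected.
    // A caller that truly needs an int can wrap the result in Math.toIntExact,
    // which throws ArithmeticException instead of wrapping silently.
    static long remainingDataChecked(long fileLength) {
        if (fileLength < MAC_LENGTH) {
            throw new IllegalArgumentException("file shorter than MAC");
        }
        return fileLength - MAC_LENGTH;
    }

    public static void main(String[] args) {
        // Constructed sample lengths: one small, two above Integer.MAX_VALUE.
        long[] lengths = {
            1_000L,
            Integer.MAX_VALUE + 101L,   // 2^31 + 100
            (1L << 32) + 100L           // 4 GiB + 100
        };
        for (long len : lengths) {
            System.out.printf("length=%d narrowed=%d checked=%d%n",
                len, remainingDataNarrowed(len), remainingDataChecked(len));
        }
    }
}
```

For the two lengths above `Integer.MAX_VALUE`, the narrowed result is either negative or a small positive number unrelated to the real file size, while the checked result stays equal to the length minus the MAC length.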


