From 6821e1bd94969106a70e3de17b86f6e6181f4e59 Mon Sep 17 00:00:00 2001
From: Peter Wu <peter@lekensteyn.nl>
Date: Wed, 23 Mar 2016 03:45:21 +0100
Subject: Fix buffer overrun in gettag for Poly1305

* cipher/cipher-poly1305.c: copy a fixed length instead of the
  user-supplied number.
--

The outbuflen is used to check the minimum size, the real tag is always
of fixed length.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
---
 cipher/cipher-poly1305.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/cipher/cipher-poly1305.c b/cipher/cipher-poly1305.c
index 965a7b66..fb817742 100644
--- a/cipher/cipher-poly1305.c
+++ b/cipher/cipher-poly1305.c
@@ -215,7 +215,7 @@ _gcry_cipher_poly1305_tag (gcry_cipher_hd_t c,
 {
   gcry_err_code_t err;
 
-  if (outbuflen < GCRY_GCM_BLOCK_LEN)
+  if (outbuflen < POLY1305_TAGLEN)
     return GPG_ERR_BUFFER_TOO_SHORT;
   if (c->u_mode.poly1305.bytecount_over_limits)
     return GPG_ERR_INV_LENGTH;
@@ -244,10 +244,10 @@ _gcry_cipher_poly1305_tag (gcry_cipher_hd_t c,
     }
 
   if (check)
-    return buf_eq_const(outbuf, c->u_iv.iv, outbuflen) ?
+    return buf_eq_const(outbuf, c->u_iv.iv, POLY1305_TAGLEN) ?
            GPG_ERR_NO_ERROR : GPG_ERR_CHECKSUM;
 
-  memcpy (outbuf, c->u_iv.iv, outbuflen);
+  memcpy (outbuf, c->u_iv.iv, POLY1305_TAGLEN);
   return GPG_ERR_NO_ERROR;
 }
 
-- 
cgit v1.2.1