Prevent invalid memory read when AES-CBC decrypting.
The issue happens when the ciphertext is not a multiple of the block size.
BUG=300681
Review URL: https://codereview.chromium.org/25164002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@226199 0039d316-1c4b-4281-b951-d872f2087c98
diff --git a/crypto/encryptor_unittest.cc b/crypto/encryptor_unittest.cc
index 2f28518..2a21a8e13 100644
--- a/crypto/encryptor_unittest.cc
+++ b/crypto/encryptor_unittest.cc
@@ -530,3 +530,29 @@
EXPECT_EQ(expected_ciphertext_hex, base::HexEncode(ciphertext.data(),
ciphertext.size()));
}
+
+TEST(EncryptorTest, CipherTextNotMultipleOfBlockSize) {
+ std::string key = "128=SixteenBytes";
+ std::string iv = "Sweet Sixteen IV";
+
+ scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import(
+ crypto::SymmetricKey::AES, key));
+ ASSERT_TRUE(sym_key.get());
+
+ crypto::Encryptor encryptor;
+ // The IV must be exactly as long a the cipher block size.
+ EXPECT_EQ(16U, iv.size());
+ EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv));
+
+ // Use a separately allocated array to improve the odds of the memory tools
+ // catching invalid accesses.
+ //
+ // Otherwise when using std::string as the other tests do, accesses several
+ // bytes off the end of the buffer may fall inside the reservation of
+ // the string and not be detected.
+ scoped_ptr<char[]> ciphertext(new char[1]);
+
+ std::string plaintext;
+ EXPECT_FALSE(
+ encryptor.Decrypt(base::StringPiece(ciphertext.get(), 1), &plaintext));
+}
