Prevent invalid memory read when AES-CBC decrypting.

The issue happens when the ciphertext is not a multiple of the block size.

BUG=300681

Review URL: https://codereview.chromium.org/25164002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@226199 0039d316-1c4b-4281-b951-d872f2087c98
diff --git a/crypto/encryptor_unittest.cc b/crypto/encryptor_unittest.cc
index 2f28518..2a21a8e13 100644
--- a/crypto/encryptor_unittest.cc
+++ b/crypto/encryptor_unittest.cc
@@ -530,3 +530,29 @@
   EXPECT_EQ(expected_ciphertext_hex, base::HexEncode(ciphertext.data(),
                                                      ciphertext.size()));
 }
+
+TEST(EncryptorTest, CipherTextNotMultipleOfBlockSize) {
+  std::string key = "128=SixteenBytes";
+  std::string iv = "Sweet Sixteen IV";
+
+  scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import(
+      crypto::SymmetricKey::AES, key));
+  ASSERT_TRUE(sym_key.get());
+
+  crypto::Encryptor encryptor;
+  // The IV must be exactly as long a the cipher block size.
+  EXPECT_EQ(16U, iv.size());
+  EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv));
+
+  // Use a separately allocated array to improve the odds of the memory tools
+  // catching invalid accesses.
+  //
+  // Otherwise when using std::string as the other tests do, accesses several
+  // bytes off the end of the buffer may fall inside the reservation of
+  // the string and not be detected.
+  scoped_ptr<char[]> ciphertext(new char[1]);
+
+  std::string plaintext;
+  EXPECT_FALSE(
+      encryptor.Decrypt(base::StringPiece(ciphertext.get(), 1), &plaintext));
+}