Commit 69b0330a45 for openssl.org
commit 69b0330a4574609a0b9f3adbef1d68b552b37a01
Author: Neil Horman <nhorman@openssl.org>
Date: Tue Feb 3 14:14:39 2026 -0500
Fix buffer overrung in SRTPKDF
our fuzzer caught this:
https://github.com/openssl/openssl/actions/runs/21625445341/job/62324333796
Overnight.
We're getting a heap buffer overrun in the SRTP KDF.
Its caused by the fact that the fuzzer will occasionally generate salt
parameters that are very small, which passes the
OSSL_PARAM_get_octet_string function, but isn't long enough to be a
valid salt. Because of this, when we actually do the key derivation,
the SRTPKDF function assumes the salt is long enough and blindly
attempts to copy KDF_SRTP_SALT_LEN (14) bytes from the fetched parameter
into a local buffer, resulting in an overrun.
Fix it by checking the parameter length in the ctx_set_params method for
SRTPKDF, and if the octet string value is less than the required amount,
return an error to fail the ctx_set_params call.
While we're at it, based on review suggestions, also check that the
provided key parameter matches the requested cipher's expected key
length
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29938)
diff --git a/providers/implementations/kdfs/srtpkdf.c b/providers/implementations/kdfs/srtpkdf.c
index 5fe65831a9..24d9f39935 100644
--- a/providers/implementations/kdfs/srtpkdf.c
+++ b/providers/implementations/kdfs/srtpkdf.c
@@ -208,6 +208,7 @@ static int kdf_srtpkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
KDF_SRTPKDF *ctx = vctx;
OSSL_LIB_CTX *libctx;
const EVP_CIPHER *cipher;
+ int key_len;
if (params == NULL)
return 1;
@@ -224,17 +225,25 @@ static int kdf_srtpkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
cipher = ossl_prov_cipher_cipher(&ctx->cipher);
if (cipher == NULL)
return 0;
+
if (!EVP_CIPHER_is_a(cipher, "AES-128-CTR") && !EVP_CIPHER_is_a(cipher, "AES-192-CTR")
&& !EVP_CIPHER_is_a(cipher, "AES-256-CTR"))
return 0;
- if ((p.key != NULL)
- && !srtpkdf_set_membuf(&ctx->key, &ctx->key_len, p.key))
- return 0;
+ if (p.key != NULL) {
+ key_len = EVP_CIPHER_get_key_length(cipher);
+ if (!srtpkdf_set_membuf(&ctx->key, &ctx->key_len, p.key))
+ return 0;
+ if (ctx->key_len != (size_t)key_len)
+ return 0;
+ }
- if ((p.salt != NULL)
- && !srtpkdf_set_membuf(&ctx->salt, &ctx->salt_len, p.salt))
- return 0;
+ if (p.salt != NULL) {
+ if (!srtpkdf_set_membuf(&ctx->salt, &ctx->salt_len, p.salt))
+ return 0;
+ if (ctx->salt_len < KDF_SRTP_SALT_LEN)
+ return 0;
+ }
if ((p.index != NULL)
&& !srtpkdf_set_membuf(&ctx->index, &ctx->index_len, p.index))