From d9a363606bef67d9790c2a1969380749b8c6c2e4 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar
Date: Mon, 21 Sep 2020 15:29:37 +0200
Subject: [PATCH] nts: reset packet length after failed auth encryption

If encryption of the NTS authenticator field fails, don't leave uninitialized data in the packet in case a bug causes the packet to be sent.
---
 nts_ntp_auth.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nts_ntp_auth.c b/nts_ntp_auth.c
index 7580377..ac0763e 100644
--- a/nts_ntp_auth.c
+++ b/nts_ntp_auth.c
@@ -112,6 +112,7 @@ NNA_GenerateAuthEF(NTP_Packet *packet, NTP_PacketInfo *info, SIV_Instance siv,
 if (!SIV_Encrypt(siv, nonce, nonce_length, packet, assoc_length, plaintext, plaintext_length, ciphertext, ciphertext_length)) {
 DEBUG_LOG("SIV encrypt failed");
+ info->length = assoc_length;
 return 0;
 }
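Review bot: The failure branch restores only `info->length`, so whatever was already written into the packet buffer past `assoc_length` stays there and is kept off the wire only as long as every sender honours `info->length`. The start of NNA_GenerateAuthEF is outside this hunk, so it is not visible whether reserving the authenticator field also changed other `NTP_PacketInfo` state; if it did, that state should be rolled back in the same branch. The new line would benefit from a comment recording the intent, for example `/* Discard the partly built auth EF so it can never be sent */`. It would also help to state next to the assignment that `assoc_length` is the packet length from before the field was added, which the hunk suggests but does not show.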