cryptopp crash w/null plaintext passed to decrypt

10 years ago · be5e829f97
2 changed files with 13 additions and 3 deletions
--- a/libdevcrypto/CryptoPP.cpp
+++ b/libdevcrypto/CryptoPP.cpp
@ -52,10 +52,12 @@ void Secp256k1::decrypt(Secret const& _k, bytes& io_text)
 {
 	CryptoPP::ECIES<CryptoPP::ECP>::Decryptor d;
 	initializeDLScheme(_k, d);
-	
-	// todo: test ecies w/null plaintext or ciphertext of \0
+
 	if (!io_text.size())
-		return;
+	{
+		io_text.resize(1);
+		io_text[0] = 0;
+	}
 	
 	size_t clen = io_text.size();
 	bytes plain;
--- a/test/crypto.cpp
+++ b/test/crypto.cpp
@ -44,6 +44,14 @@ static CryptoPP::OID s_curveOID(CryptoPP::ASN1::secp256k1());
 static CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP> s_params(s_curveOID);
 static CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::EllipticCurve s_curve(s_params.GetCurve());

+BOOST_AUTO_TEST_CASE(cryptopp_patch)
+{
+	KeyPair k = KeyPair::create();
+	bytes io_text;
+	s_secp256k1.decrypt(k.sec(), io_text);
+	BOOST_REQUIRE_EQUAL(io_text.size(), 0);
+}
+
 BOOST_AUTO_TEST_CASE(verify_secert)
 {
 	h256 empty;