From af584994a237573b3b6d3575a511959b1ff3e30d Mon Sep 17 00:00:00 2001
From: Jeremy Lakeman <Jeremy.Lakeman@gmail.com>
Date: Fri, 22 Feb 2013 16:27:37 +1030
Subject: [PATCH] Ensure encryption buffer doesn't move between nonce and
 cypher text allocation

---
 overlay_buffer.c |  2 +-
 overlay_mdp.c    | 15 +++++++--------
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/overlay_buffer.c b/overlay_buffer.c
index 41b6827b..06b9a0a1 100644
--- a/overlay_buffer.c
+++ b/overlay_buffer.c
@@ -147,7 +147,7 @@ int ob_makespace(struct overlay_buffer *b,int bytes)
   }
   
   // already enough space?
-  if (b->position + bytes < b->allocSize)
+  if (b->position + bytes <= b->allocSize)
     return 0;
   
   if (b->bytes && !b->allocated)
diff --git a/overlay_mdp.c b/overlay_mdp.c
index 17a79238..97be60e8 100644
--- a/overlay_mdp.c
+++ b/overlay_mdp.c
@@ -327,8 +327,13 @@ int overlay_mdp_decrypt(struct overlay_frame *f, overlay_mdp_frame *mdp)
       }
       
       unsigned char *nonce=ob_get_bytes_ptr(f->payload, nb);
+      if (!nonce)
+	RETURN(WHYF("Expected %d bytes of nonce", nb));
+      
       int cipher_len=ob_remaining(f->payload);
       unsigned char *cipher_text=ob_get_bytes_ptr(f->payload, cipher_len);
+      if (!cipher_text)
+	RETURN(WHYF("Expected %d bytes of cipher text", cipher_len));
       
       unsigned char plain_block[cipher_len+cz];
       
@@ -680,9 +685,9 @@ int overlay_mdp_dispatch(overlay_mdp_frame *mdp,int userGeneratedFrameP,
       ob_free(plaintext);
       
       frame->payload = ob_new();
-      ob_makespace(frame->payload, nb+cipher_len);
       
-      unsigned char *nonce = ob_append_space(frame->payload, nb);
+      unsigned char *nonce = ob_append_space(frame->payload, nb+cipher_len);
+      unsigned char *cipher_text = nonce + nb;
       if (!nonce)
 	RETURN(-1);
       if (urandombytes(nonce,nb)) {
@@ -699,12 +704,6 @@ int overlay_mdp_dispatch(overlay_mdp_frame *mdp,int userGeneratedFrameP,
 	op_free(frame);
 	RETURN(WHY("could not compute Curve25519(NxM)")); 
       }
-      /* Get pointer to place in frame where the ciphered text needs to go */
-      unsigned char *cipher_text=ob_append_space(frame->payload,cipher_len);
-      if ((!cipher_text)){
-	op_free(frame);
-	RETURN(WHY("could not make space for ciphered text")); 
-      }
       /* Actually authcrypt the payload */
       if (crypto_box_curve25519xsalsa20poly1305_afternm
 	  (cipher_text,plain,cipher_len,nonce,k)){