Uploaded image for project: 'Parquet'
  1. Parquet
  2. PARQUET-1997

[C++] AesEncryptor and AesDecryptor primitives are unsafe

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: parquet-cpp
    • Labels:
      None

      Description

      AesEncryptor::Encrypt, AesDecryptor::Decrypt take a pointer to the output buffer but without the output buffer length. The caller is required to guess the expected output length. The functions also return the written output length, but at this point it's too late: data may have been written out of bounds.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              apitrou Antoine Pitrou
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: