Bug #4228 for Crypt-Rijndael: set_iv doesn't properly check length of argument.

RT for rt.cpan.org

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the Crypt-Rijndael CPAN distribution.

Report information

The Basics

Id:	4228
Status:	resolved
Priority:	0/
Queue:	Crypt-Rijndael

People

Owner:	bdfoy [...] cpan.org
Requestors:	cpan [...] erik.aarg.net
Cc:
AdminCc:

Bug Information

Severity:	Critical
Broken in:	(no value)
Fixed in:	1.04

History Show all quoted text

Tue Oct 28 15:40:23 2003 Guest - Ticket created

Subject:

set_iv doesn't properly check length of argument.

If an IV of less than RIJNDAEL_BLOCKSIZE bytes is passed to set_iv(), it will copy uninitialized data into the IV, causing CBC to do some unpredictable things with the data. I am not sure what the proper behavior should be when less data is passed, but that isn't it. :)

Sat Mar 17 01:28:33 2007 bdfoy [...] cpan.org - Taken

Tue Nov 04 03:28:49 2008 bdfoy [...] cpan.org - Status changed from 'new' to 'open'

Sat May 23 10:26:03 2015 LEONT [...] cpan.org - Status changed from 'open' to 'resolved'

Sat May 23 10:26:05 2015 LEONT [...] cpan.org - Fixed in 1.04 added