From 1aaa5abb33f44e3abcd4b0638f7591265975c25a Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel <s@jaeckel.eu>
Date: Wed, 2 Aug 2017 14:41:46 +0200
Subject: [PATCH] ocb3: check the length of the nonce

---
 src/encauth/ocb3/ocb3_init.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/encauth/ocb3/ocb3_init.c b/src/encauth/ocb3/ocb3_init.c
index ab3c8a7..1d88736 100644
--- a/src/encauth/ocb3/ocb3_init.c
+++ b/src/encauth/ocb3/ocb3_init.c
@@ -56,6 +56,12 @@ int ocb3_init(ocb3_state *ocb, int cipher,
    }
    ocb->cipher = cipher;
 
+   /* Valid Nonce?
+    * As of RFC7253: "string of no more than 120 bits" */
+   if (noncelen > (120/8)) {
+      return CRYPT_INVALID_ARG;
+   }
+
    /* determine which polys to use */
    ocb->block_len = cipher_descriptor[cipher].block_length;
    x = (int)(sizeof(polys)/sizeof(polys[0]));