From 42f452626d0bcff9361a08c58877a9f2774a317e Mon Sep 17 00:00:00 2001 From: Henrique Pereira Date: Tue, 31 Mar 2026 09:32:09 -0600 Subject: [PATCH] Prevented Truncated Tag comparison No minimum tag length was enforced. A user supplying a 1-byte tag only needed to match the first byte of the real tag, reducing the authentication check to a 1-in-256 brute-force --- cli/commands.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cli/commands.c b/cli/commands.c index 120a6fc..0696371 100644 --- a/cli/commands.c +++ b/cli/commands.c @@ -257,6 +257,10 @@ int verify(int argc, char **argv) { if (expected_tag_len > sizeof tag) { expected_tag_len = sizeof tag; } + if (expected_tag_len < sizeof tag) { + fputs("MAC tag verification failed\n", stderr); + goto out; + } // compare the tag if (CRYPTO_memcmp(expected_tag, tag, expected_tag_len) != 0) {