From 26e06a7a1db276d85bbba2d90bcf923274bc0700 Mon Sep 17 00:00:00 2001
From: Max Lv
Date: Tue, 27 Feb 2018 21:14:16 +0800
Subject: [PATCH] Fix #1948
---
 src/aead.c | 12 ++++++++----
 src/stream.c | 12 ++++++++----
 2 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/src/aead.c b/src/aead.c
index b80a5631..b85d0384 100644
--- a/src/aead.c
+++ b/src/aead.c
@@ -644,16 +644,20 @@ aead_decrypt(buffer_t *ciphertext, cipher_ctx_t *cipher_ctx, size_t capacity)
 }
 plaintext->len = plen;
- brealloc(ciphertext, plaintext->len, capacity);
- memcpy(ciphertext->data, plaintext->data, plaintext->len);
- ciphertext->len = plaintext->len;
-
 // Add the salt to bloom filter
 if (cipher_ctx->init == 1) {
+ if (ppbloom_check((void *)cipher_ctx->salt, salt_len) == 1) {
+ LOGE("crypto: AEAD: repeat salt detected");
+ return CRYPTO_ERROR;
+ }
 ppbloom_add((void *)cipher_ctx->salt, salt_len);
 cipher_ctx->init = 2;
 }
+ brealloc(ciphertext, plaintext->len, capacity);
+ memcpy(ciphertext->data, plaintext->data, plaintext->len);
+ ciphertext->len = plaintext->len;
+
 return CRYPTO_OK;
 }
diff --git a/src/stream.c b/src/stream.c
index 5196c9ef..e6a798dc 100644
--- a/src/stream.c
+++ b/src/stream.c
@@ -592,18 +592,22 @@ stream_decrypt(buffer_t *ciphertext, cipher_ctx_t *cipher_ctx, size_t capacity)
 dump("CIPHER", ciphertext->data, ciphertext->len);
 #endif
- brealloc(ciphertext, plaintext->len, capacity);
- memcpy(ciphertext->data, plaintext->data, plaintext->len);
- ciphertext->len = plaintext->len;
-
 // Add to bloom filter
 if (cipher_ctx->init == 1) {
 if (cipher->method >= RC4_MD5) {
+ if (ppbloom_check((void *)cipher_ctx->nonce, cipher->nonce_len) == 1) {
+ LOGE("crypto: stream: repeat IV detected");
+ return CRYPTO_ERROR;
+ }
 ppbloom_add((void *)cipher_ctx->nonce, cipher->nonce_len);
 cipher_ctx->init = 2;
 }
 }
+ brealloc(ciphertext, plaintext->len, capacity);
+ memcpy(ciphertext->data, plaintext->data, plaintext->len);
+ ciphertext->len = plaintext->len;
+
 return CRYPTO_OK;
 }
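Review bot: In aead_decrypt the comment `// Add the salt to bloom filter` no longer describes the block, which now also rejects a repeated salt and depends on running before the `brealloc`/`memcpy` so that a replayed chunk is never copied into the caller's buffer. I would replace it with `// Reject a repeated salt and record a new one; must stay before the copy into ciphertext so a replay returns no plaintext`, and do the same for `// Add to bloom filter` in the stream.c hunk. On the new `return CRYPTO_ERROR` path `plaintext->len` is still `plen` and the decrypted bytes remain in `plaintext`; its lifetime is not visible here, so if that buffer outlives the call, setting `plaintext->len = 0;` before returning looks worthwhile. The function body starts outside the hunk.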
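Review bot: In stream_decrypt the new `ppbloom_check` is nested inside `if (cipher->method >= RC4_MD5)`, so for any method below that value the IV is neither checked nor recorded, and `cipher_ctx->init` stays at 1. If those methods are meant to be exempt (for example because they carry no IV, which this hunk does not show), a comment on that condition saying so would make the gap visibly deliberate; otherwise the repeat check should cover them as well. The check-then-add sequence is also now duplicated between aead.c and stream.c, and a small shared helper would keep the two replay checks from drifting apart. The function body starts outside the hunk.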