bug-gnulib
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] sm3: support to compile with libgcrypt


From: Jia Zhang
Subject: Re: [PATCH] sm3: support to compile with libgcrypt
Date: Tue, 21 Nov 2017 09:02:07 +0800
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.8.0

Hi Bruno,

This fix looks good enough.

Thanks,
Jia

在 2017/11/21 上午7:11, Bruno Haible 写道:
> The code in lib/gc-gnulib.c line 823
>     sm3_finish_ctx (&ctx->sm3Context, ctx->hash);
> passes a buffer of size 20 to a function which writes 32 bytes into it.
> Thus provoking a buffer overrun.
> 
> This should fix it.
> 
> 
> 2017-11-20  Bruno Haible  <address@hidden>
> 
>       crypto/gc-sm3: Fix buffer overrun.
>       * lib/gc-gnulib.c (MAX_DIGEST_SIZE): Bump to 32.
>       Reported by Coverity.
> 
> diff --git a/lib/gc-gnulib.c b/lib/gc-gnulib.c
> index f888cf5..62074b1 100644
> --- a/lib/gc-gnulib.c
> +++ b/lib/gc-gnulib.c
> @@ -602,7 +602,7 @@ gc_cipher_close (gc_cipher_handle handle)
>  
>  /* Hashes. */
>  
> -#define MAX_DIGEST_SIZE 20
> +#define MAX_DIGEST_SIZE 32
>  
>  typedef struct _gc_hash_ctx
>  {
> 



reply via email to

[Prev in Thread] Current Thread [Next in Thread]