bug-gnulib
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] sm3: support to compile with libgcrypt


From: Bruno Haible
Subject: Re: [PATCH] sm3: support to compile with libgcrypt
Date: Tue, 21 Nov 2017 00:11:53 +0100
User-agent: KMail/5.1.3 (Linux/4.4.0-98-generic; KDE/5.18.0; x86_64; ; )

The code in lib/gc-gnulib.c line 823
    sm3_finish_ctx (&ctx->sm3Context, ctx->hash);
passes a buffer of size 20 to a function which writes 32 bytes into it.
Thus provoking a buffer overrun.

This should fix it.


2017-11-20  Bruno Haible  <address@hidden>

        crypto/gc-sm3: Fix buffer overrun.
        * lib/gc-gnulib.c (MAX_DIGEST_SIZE): Bump to 32.
        Reported by Coverity.

diff --git a/lib/gc-gnulib.c b/lib/gc-gnulib.c
index f888cf5..62074b1 100644
--- a/lib/gc-gnulib.c
+++ b/lib/gc-gnulib.c
@@ -602,7 +602,7 @@ gc_cipher_close (gc_cipher_handle handle)
 
 /* Hashes. */
 
-#define MAX_DIGEST_SIZE 20
+#define MAX_DIGEST_SIZE 32
 
 typedef struct _gc_hash_ctx
 {




reply via email to

[Prev in Thread] Current Thread [Next in Thread]