Re: Bug#866890: pspp - cve-2017-10791 - cve-2017-10792
From: Friedrich Beckmann
Subject: Re: Bug#866890: pspp - cve-2017-10791 - cve-2017-10792
Date: Mon, 3 Jul 2017 23:37:30 +0200
Hi John,

today I looked a little bit at the hash function. I think the problem is that, compared to the referenced code, the x parameter is of type int instead of unsigned int. Googling around, the overflow behavior of signed and the shift right of signed are not defined in the C standard, although "many?" implementations assume a two's complement signed implementation. Both are well defined for unsigned int operations.

I changed the parameter type from int to unsigned int and I cannot see a problem in the regression.

But looking at the code I wondered if this hash function also works on 64-bit architectures. The reference only talks about uint32_t.

Regards
Friedrich

> On 03.07.2017 at 20:50, John Darrington <address@hidden> wrote:
>
> I suspect this report is mistaken. But this bit is Ben's code, so I'll let him comment on that.
>
> J'
>
> On Mon, Jul 03, 2017 at 07:22:57AM +0200, Friedrich Beckmann wrote:
> Dear owl337 team,
>
> thanks for looking at pspp and finding the security problems
>
> https://security-tracker.debian.org/tracker/CVE-2017-10791
>
> and
>
> https://security-tracker.debian.org/tracker/CVE-2017-10792
>
> in pspp! Your reports are quite detailed. Could you describe how you found the problems, i.e. do you have some information about collAFL?
>
> Regards
>
> Friedrich
>
>
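
The int versus unsigned int question raised in the message above, as an added example that is not part of the original post and is not PSPP's code. The two-step mixer and all function names are constructed for illustration; the signed case is modelled with unsigned arithmetic, assuming a two's complement implementation with an arithmetic right shift.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed two-step mixer, NOT PSPP's hash function: subtract a left
   shift, then xor a right shift, on an exact-width unsigned type. Both
   steps are well defined and wrap modulo 2^32. */
uint32_t mix_u32(uint32_t x)
{
    x -= x << 6;
    x ^= x >> 17;               /* logical shift: zeros enter on the left */
    return x;
}

/* Model of the same steps on a two's complement int whose right shift is
   arithmetic (sign bit replicated). Written with unsigned arithmetic so
   the model itself stays well defined. */
uint32_t mix_signed_model(uint32_t x)
{
    x -= x << 6;
    uint32_t sign_fill = (x & UINT32_C(0x80000000)) ? ~(UINT32_MAX >> 17) : 0;
    x ^= (x >> 17) | sign_fill;
    return x;
}

/* Same steps in a 64-bit type, truncated only at the end: bits pushed
   above bit 31 by the left shift come back down through the right shift. */
uint32_t mix_u64_truncated(uint64_t x)
{
    x -= x << 6;
    x ^= x >> 17;
    return (uint32_t)x;
}

int main(void)
{
    /* Constructed sample inputs. */
    const uint32_t samples[] = { 0, 1, UINT32_C(0x80000000) };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%08" PRIx32 ": u32=%08" PRIx32 " signed=%08" PRIx32
               " u64=%08" PRIx32 "\n", samples[i], mix_u32(samples[i]),
               mix_signed_model(samples[i]), mix_u64_truncated(samples[i]));
    return 0;
}
```

The three variants agree only while the intermediate value keeps bit 31 clear and nothing is shifted past it, so a type change of this kind can alter hash values for some inputs even when a test suite passes.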