[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] sm3: support to compile with libgcrypt
From: |
Bruno Haible |
Subject: |
Re: [PATCH] sm3: support to compile with libgcrypt |
Date: |
Tue, 21 Nov 2017 00:11:53 +0100 |
User-agent: |
KMail/5.1.3 (Linux/4.4.0-98-generic; KDE/5.18.0; x86_64; ; ) |
The code in lib/gc-gnulib.c line 823
sm3_finish_ctx (&ctx->sm3Context, ctx->hash);
passes a buffer of size 20 to a function which writes 32 bytes into it.
Thus provoking a buffer overrun.
This should fix it.
2017-11-20 Bruno Haible <address@hidden>
crypto/gc-sm3: Fix buffer overrun.
* lib/gc-gnulib.c (MAX_DIGEST_SIZE): Bump to 32.
Reported by Coverity.
diff --git a/lib/gc-gnulib.c b/lib/gc-gnulib.c
index f888cf5..62074b1 100644
--- a/lib/gc-gnulib.c
+++ b/lib/gc-gnulib.c
@@ -602,7 +602,7 @@ gc_cipher_close (gc_cipher_handle handle)
/* Hashes. */
-#define MAX_DIGEST_SIZE 20
+#define MAX_DIGEST_SIZE 32
typedef struct _gc_hash_ctx
{
- Re: [PATCH] sm3: support to compile with libgcrypt,
Bruno Haible <=