[gnunet] 03/05: UTIL: fix one-byte buffer over-reads.
From: gnunet
Subject: [gnunet] 03/05: UTIL: fix one-byte buffer over-reads.
Date: Mon, 06 Feb 2023 05:41:13 +0100
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository gnunet.
commit 3b5473735cb495ca50139adeb27e5135accaa22d
Author: ulfvonbelow <strilen@tilde.club>
AuthorDate: Sun Jan 29 05:15:30 2023 -0600
UTIL: fix one-byte buffer over-reads.
GNUNET_CRYPTO_hash_from_string2 uses enclen as the length of its buffer that
it passes to GNUNET_STRINGS_utf8_toupper, but GNUNET_STRINGS_utf8_toupper adds
a null terminator, so it should be enclen+1.
GNUNET_CRYPTO_crc16_step reads 1 byte past the end of the buffer passed to
it. It masks out that byte in computing the result, but it's still technically
an overread and could in extremely-rare circumstances cause a segmentation or
access fault. It also upsets sanitizers, preventing other bugs from being
found.
Signed-off-by: Martin Schanzenbach <schanzen@gnunet.org>
---
src/util/crypto_crc.c | 2 +-
src/util/crypto_hash.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/util/crypto_crc.c b/src/util/crypto_crc.c
index 9328f2b84..f93b5b0b3 100644
--- a/src/util/crypto_crc.c
+++ b/src/util/crypto_crc.c
@@ -114,7 +114,7 @@ GNUNET_CRYPTO_crc16_step (uint32_t sum, const void *buf,
size_t len)
for (; len >= 2; len -= 2)
sum += *(hdr++);
if (len == 1)
- sum += (*hdr) & ntohs (0xFF00);
+ sum += ntohs(*((uint8_t *)hdr) << 8);
return sum;
}
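Review bot: In the `len == 1` branch, the cast `(uint8_t *)hdr` drops the const qualifier that `buf` carries in the signature (`const void *buf`), assuming `hdr` points into `buf`; use `(const uint8_t *)hdr` so the read stays const-correct and does not trip -Wcast-qual. The new expression yields the same value as the old masked 16-bit load on both byte orders, because the single byte ends up where the first byte of a 16-bit word would be, but the `<< 8` followed by `ntohs` is not obvious at a glance and deserves a one-line comment. Style: the removed line wrote `ntohs (` with a space before the parenthesis and the new line should match. A test with an odd `len` whose buffer ends exactly at an allocation boundary, run under a sanitizer, would keep this over-read from coming back.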
diff --git a/src/util/crypto_hash.c b/src/util/crypto_hash.c
index e45cb42e0..95c5c3480 100644
--- a/src/util/crypto_hash.c
+++ b/src/util/crypto_hash.c
@@ -73,7 +73,7 @@ GNUNET_CRYPTO_hash_from_string2 (const char *enc,
size_t enclen,
struct GNUNET_HashCode *result)
{
- char upper_enc[enclen];
+ char upper_enc[enclen+1];
char *up_ptr = upper_enc;
if (GNUNET_OK != GNUNET_STRINGS_utf8_toupper (enc, up_ptr))
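Review bot: On the `char upper_enc[enclen+1];` line, the extra byte covers the terminator only if `enc` holds exactly `enclen` bytes before its own NUL. The call `GNUNET_STRINGS_utf8_toupper (enc, up_ptr)` passes no output size, so a longer `enc`, or a conversion whose output is longer than its input, would still write past `upper_enc`. Consider checking that assumption before the call, or stating it in the function's contract. The array is also a variable-length array sized by the caller-supplied `enclen`, so a large value becomes an unbounded stack allocation; an upper bound on `enclen` or a heap buffer would avoid that. Style: write `enclen + 1` with spaces around the operator.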