[gnunet] 03/05: UTIL: fix one-byte buffer over-reads.

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[gnunet] 03/05: UTIL: fix one-byte buffer over-reads.

From:	gnunet
Subject:	[gnunet] 03/05: UTIL: fix one-byte buffer over-reads.
Date:	Mon, 06 Feb 2023 05:41:13 +0100

This is an automated email from the git hooks/post-receive script.

martin-schanzenbach pushed a commit to branch master
in repository gnunet.

commit 3b5473735cb495ca50139adeb27e5135accaa22d
Author: ulfvonbelow <strilen@tilde.club>
AuthorDate: Sun Jan 29 05:15:30 2023 -0600

    UTIL: fix one-byte buffer over-reads.
    
    GNUNET_CRYPTO_hash_from_string2 uses enclen as the length of its buffer that
    it passes to GNUNET_STRINGS_utf8_toupper, but GNUNET_STRINGS_utf8_toupper 
adds
    a null terminator, so it should be enclen+1.
    
    GNUNET_CRYPTO_crc16_step reads 1 byte past the end of the buffer passed to
    it. It masks out that byte in computing the result, but it's still 
technically
    an overread and could in extremely-rare circumstances cause a segmentation 
or
    access fault. It also upsets sanitizers, preventing other bugs from being 
found.
    
    Signed-off-by: Martin Schanzenbach <schanzen@gnunet.org>
---
 src/util/crypto_crc.c  | 2 +-
 src/util/crypto_hash.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/util/crypto_crc.c b/src/util/crypto_crc.c
index 9328f2b84..f93b5b0b3 100644
--- a/src/util/crypto_crc.c
+++ b/src/util/crypto_crc.c
@@ -114,7 +114,7 @@ GNUNET_CRYPTO_crc16_step (uint32_t sum, const void *buf, 
size_t len)
   for (; len >= 2; len -= 2)
     sum += *(hdr++);
   if (len == 1)
-    sum += (*hdr) & ntohs (0xFF00);
+    sum += ntohs(*((uint8_t *)hdr) << 8);
   return sum;
 }
 
diff --git a/src/util/crypto_hash.c b/src/util/crypto_hash.c
index e45cb42e0..95c5c3480 100644
--- a/src/util/crypto_hash.c
+++ b/src/util/crypto_hash.c
@@ -73,7 +73,7 @@ GNUNET_CRYPTO_hash_from_string2 (const char *enc,
                                  size_t enclen,
                                  struct GNUNET_HashCode *result)
 {
-  char upper_enc[enclen];
+  char upper_enc[enclen+1];
   char *up_ptr = upper_enc;
 
   if (GNUNET_OK != GNUNET_STRINGS_utf8_toupper (enc, up_ptr))

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.

[Prev in Thread]

Current Thread

[Next in Thread]

[gnunet] branch master updated (b2f9db3b8 -> d8cbbb5b6), gnunet, 2023/02/05
- [gnunet] 04/05: UTIL: fix memory leak in test., gnunet, 2023/02/05
- [gnunet] 03/05: UTIL: fix one-byte buffer over-reads., gnunet <=
- [gnunet] 02/05: UTIL: fix memory leaks in several places., gnunet, 2023/02/05
- [gnunet] 01/05: INCLUDE: change Mulit --> Multi in G_C_MulitHashMapIteratorCallback., gnunet, 2023/02/05
- [gnunet] 05/05: REVOCATION: add shutdown task earlier., gnunet, 2023/02/05

Prev by Date: [gnunet] 04/05: UTIL: fix memory leak in test.
Next by Date: [gnunet] 02/05: UTIL: fix memory leaks in several places.
Previous by thread: [gnunet] 04/05: UTIL: fix memory leak in test.
Next by thread: [gnunet] 02/05: UTIL: fix memory leaks in several places.
Index(es):
- Date
- Thread