Re: [PATCH] sm3: support to compile with libgcrypt

Jia Zhang Mon, 20 Nov 2017 17:03:29 -0800

Hi Bruno,

This fix looks good enough.


Thanks,
Jia

在 2017/11/21 上午7:11, Bruno Haible 写道:
> The code in lib/gc-gnulib.c line 823
>     sm3_finish_ctx (&ctx->sm3Context, ctx->hash);
> passes a buffer of size 20 to a function which writes 32 bytes into it.
> Thus provoking a buffer overrun.
> 
> This should fix it.
> 
> 
> 2017-11-20  Bruno Haible  <br...@clisp.org>
> 
>       crypto/gc-sm3: Fix buffer overrun.
>       * lib/gc-gnulib.c (MAX_DIGEST_SIZE): Bump to 32.
>       Reported by Coverity.
> 
> diff --git a/lib/gc-gnulib.c b/lib/gc-gnulib.c
> index f888cf5..62074b1 100644
> --- a/lib/gc-gnulib.c
> +++ b/lib/gc-gnulib.c
> @@ -602,7 +602,7 @@ gc_cipher_close (gc_cipher_handle handle)
>  
>  /* Hashes. */
>  
> -#define MAX_DIGEST_SIZE 20
> +#define MAX_DIGEST_SIZE 32
>  
>  typedef struct _gc_hash_ctx
>  {
>

Re: [PATCH] sm3: support to compile with libgcrypt

Reply via email to