On Fri, Oct 8, 2021 at 12:02 AM Jeffrey Walton <noloa...@gmail.com> wrote:
>
> On Thu, Oct 7, 2021 at 5:11 AM Tony Stead <thst...@gmail.com> wrote:
> >
> > I have been using the Integer class for some big number operations and seem 
> > to have found a buffer overflow in at least the Integer::And routine, I 
> > have not yet inspected any more.
> >
> >  ...
> > The issue is caused in the temporary result variable.  When result copies t 
> > or this in its constructor, it calculates the minimum size required to fit 
> > the current number in t or this.  If the top order bits of t or this have 
> > gone zero it will allocate fewer bytes than the size of t or this.  However 
> > the following AndWords routine performs a copy using the size of the 
> > original number, either t or this.
> >
> > Changing the value to result.reg.size() appears to fix the issue at least 
> > for my use case.
>
> Thanks Tony.
>
> Do you have a reproducer? I'd like to look at it.
>
> We have test cases set up and they are run under the sanitizers. I
> don't recall seeing a finding. We might be missing a test case for it,
> however.

By the way, here's the test data we use for testing the integer
operations. It was generated using Java, so you should get the same
result between Crypto++ and Java. You can find the Java program at
http://github.com/weidai11/cryptopp/issues/336.

https://github.com/weidai11/cryptopp/blob/master/validat2.cpp#L34

Jeff
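A constructed model of the size mismatch Tony describes, added here as an example and not code from Crypto++ or from either poster. It assumes a big integer held as a little-endian vector of 32-bit words; the names Reg, WordCount, OverrunWords and AndWordsSafe are hypothetical, and OverrunWords only reports how many words an unbounded loop would write past the end, it never performs the overflow.

```cpp
// Added example, not Crypto++ code: model of a temporary result that is
// sized to the operand's minimum word count while the word loop is driven
// by the operand's original register size.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <vector>

using Word = std::uint32_t;
using Reg  = std::vector<Word>;   // little-endian words, hypothetical layout

// Words actually needed to hold the value: strip high zero words. This is
// the "minimum size required to fit the current number" from the report.
std::size_t WordCount(const Reg& r) {
    std::size_t n = r.size();
    while (n > 0 && r[n - 1] == 0) --n;
    return n;
}

// Model of the defect: the temporary result is allocated with WordCount(src)
// words, but the copy loop runs for src.size() words. Returns how many words
// such a loop would write past the end of the result (0 means no overrun).
// Nothing is written here; the function only measures the mismatch.
std::size_t OverrunWords(const Reg& src) {
    std::size_t resultSize = WordCount(src);   // what the temporary allocates
    std::size_t loopSize   = src.size();       // what the copy loop uses
    return loopSize - resultSize;
}

// Hardened AND: the loop is bounded by the result register's own size, which
// here is the smaller operand's word count. High words of the shorter operand
// are zero and 0 & x == 0, so bounding the loop loses no information.
Reg AndWordsSafe(const Reg& a, const Reg& b) {
    std::size_t n = std::min(WordCount(a), WordCount(b));
    Reg result(n, 0);
    for (std::size_t i = 0; i < result.size(); ++i)   // bounded by result
        result[i] = a[i] & b[i];
    return result;
}
```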
