Hello and best wishes for new year,
I was debugging an invalid memory access in gnutls and realized that
the issue is in memxor3 of nettle (2.7.x branch). I do not have a fix
for it yet, but the attached patch modifies memxor-test.c to reproduce
the issue.
regards,
Nikos
$ valgrind ./memxor-test
[...]
==26108== Invalid read of size 8
==26108== at 0x4E817BD: memxor3 (memxor.s:137)
==26108== by 0x4029D8: test_main (memxor-test.c:157)
==26108== by 0x4024C6: main (testutils.c:204)
==26108== Address 0x5094498 is 104 bytes inside a block of size 111
alloc'd
==26108== at 0x4A0645D: malloc
(in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26108== by 0x402909: test_main (memxor-test.c:152)
==26108== by 0x4024C6: main (testutils.c:204)
==26108==
==26108==
diff --git a/testsuite/memxor-test.c b/testsuite/memxor-test.c
index 3319433..84d0a7d 100644
--- a/testsuite/memxor-test.c
+++ b/testsuite/memxor-test.c
@@ -73,11 +73,15 @@ test_memxor3 (const uint8_t *ain, const uint8_t *bin, const
uint8_t *c,
ASSERT (MEMEQ (size, dst, c));
ASSERT (dst[-1] == 17);
ASSERT (dst[size] == 17);
+
}
void
test_main(void)
{
+ uint8_t dst_buf[MAX_SIZE];
+ uint8_t *c_buf;
+ uint8_t *d_buf;
const uint8_t *a = H("ecc8737f 38f2f9e8 86b9d84c 42a9c7ef"
"27a50860 49c6be97 c5cc6c35 3981b367"
"f8b4397b 951e3b2f 35749fe1 25884fa6"
@@ -144,4 +148,15 @@ test_main(void)
for (align_b = 0; align_b < ALIGN_SIZE; align_b++)
test_memxor3 (a, b, c, size[i], align_dst, align_a, align_b);
}
+
+ c_buf = malloc(111);
+ d_buf = malloc(111);
+ memset(c_buf, 1, 111);
+ memset(d_buf, 3, 111);
+
+ memxor3 (dst_buf+13, c_buf+96, d_buf, 15);
+
+ ASSERT(dst_buf[14] == 2);
+ free(c_buf);
+ free(d_buf);
}
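Review bot: The added reproducer at the end of test_main only fails under a memory checker, because `ASSERT(dst_buf[14] == 2)` inspects a single output byte and a plain test run passes even when memxor3 reads past the end of the 111-byte source block. The choice of 111, 96 and 15 is what puts the source operand flush against the end of the allocation, so it deserves a comment above the call such as `/* c_buf+96 .. c_buf+110 ends exactly at the end of the malloc'd block, so any over-read by memxor3 is reported by valgrind */`. Both `malloc(111)` results are passed to `memset` unchecked; `ASSERT(c_buf != NULL && d_buf != NULL);` before the memsets would turn an allocation failure into a test failure rather than a crash. Checking all 15 destination bytes (`dst_buf[13]` through `dst_buf[27]`) against 2 would also cover the tail of the copy, which is where the reported access occurs. test_main's body starts outside this hunk.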