Using memcpy on overlapping regions of memory is undefined behavior in C.
In engines/ccgost/gosthash.c, the circle_xor8() function uses memcpy to
copy data between the two arrays passed as arguments, but in some cases
(e.g., the third call to circle_xor8 in hash_step() in the same file) the
two arguments are identical. Use memmove instead to avoid any problems.
Nickolai.
--- openssl-1.0.1c/engines/ccgost/gosthash.c 2009-12-22 06:52:15.000000000
-0500
+++ openssl-1.0.1c/engines/ccgost/gosthash.c 2013-01-07 15:56:39.716975869
-0500
@@ -42,7 +42,7 @@
byte buf[8];
int i;
memcpy(buf,w,8);
- memcpy(k,w+8,24);
+ memmove(k,w+8,24);
for(i=0;i<8;i++)
k[i+24]=buf[i]^k[i];
}
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
