Package: libcrypto++6
Version: 5.6.3-6
Severity: important
Tags: patch

Dear Maintainer,
The code in cmac.cpp CMAC_Base::Update() has an assertion that fails if a zero-length section is passed into it. Zero is meant to work: there's a guard for zero length just after the assertion. Swapping the assertion and the guard allows correct behaviour. diff -u -r libcrypto++-5.6.3/cmac.cpp libcrypto++-5.6.3-local/cmac.cpp --- libcrypto++-5.6.3/cmac.cpp 2015-11-14 00:04:22.000000000 +1100 +++ libcrypto++-5.6.3-local/cmac.cpp 2016-08-02 10:49:51.659422114 +1000 @@ -57,9 +57,9 @@ void CMAC_Base::Update(const byte *input, size_t length) { - assert((input && length) || !(input || length)); if (!length) return; + assert((input && length) || !(input || length)); BlockCipher &cipher = AccessCipher(); unsigned int blockSize = cipher.BlockSize(); -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (990, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386, armhf, armel, arm64 Kernel: Linux 4.7.0-rc6 (SMP w/8 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) Versions of packages libcrypto++6 depends on: ii libc6 2.22-9 ii libgcc1 1:6.1.1-3 ii libstdc++6 6.1.1-3 libcrypto++6 recommends no packages. libcrypto++6 suggests no packages. -- no debconf information
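Review bot: in the cmac.cpp hunk, once `if (!length) return;` runs first, the relocated `assert((input && length) || !(input || length));` can only be reached with a non-zero length, so its second alternative `!(input || length)` is dead and the whole expression reduces to a null check on `input`. Consider replacing it with `assert(input != NULL);` so the intent is obvious to the next reader. The reordering also means a zero-length call is accepted whether `input` is null or not, so a one-line comment above the guard stating that a non-null pointer with zero length is deliberately allowed would keep someone from moving the assertion back.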