Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 30 Jun 2012 12:52:36 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: asan report

On 2012-06-30 12:42, jfoug wrote:
>> From: magnum [mailto:john.magnum@...hmail.com]
>> Attached is a diff showing what I mean. But the same problem is also in
>> all the hard-coded test vectors. Should we really fix this?
> 
> I was not even thinking of this one (but it certainly is another example).  
> 
> What I was thinking of doing, was to have a stack buffer, and strcpy the key
> into this, prior to sending it to fmt->set_key();

Yes my code was just an example. I think we should do a set_key_wrapper
that works like you say that is used in the self tests (fixes the test
vectors too). Though it will affect benchmark speeds.

> Also, your null could simply have been 
> 
> char null[8] = {0};
> 
> All of the code I know about, would look up to 4 bytes past end of buffer
> (if buffer was "").  It is all in SSE code.  But setting it to be 8 bytes,
> would not hurt anything, and then if we later used 8 bytes (not sure we
> would), then we would be covered.  No reason to alloc this.

We need to alloc the full length, for formats that do memcpy(d, s,
PLAINTEXT_LENGTH)


magnum

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.