aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWladimir J. van der Laan <laanwj@gmail.com>2019-05-16 16:23:12 +0200
committerWladimir J. van der Laan <laanwj@gmail.com>2019-05-16 16:23:38 +0200
commitfd61b9fc22faaa946ca43211c6c43b40ca4a860c (patch)
tree6675347c14e5602e64cda0b5d692bccaf20c0aef
parent47ec8318a6576f704d0c8c9795e2717f4e34cd1d (diff)
parentc01c065b9ded3399a6a480f15543827dd5e8eb4d (diff)
Merge #15950: Do not construct out-of-bound pointers in SHA2 code
c01c065b9ded3399a6a480f15543827dd5e8eb4d Do not construct out-of-bound pointers in SHA512/SHA1/RIPEMD160 code (Pieter Wuille) Pull request description: This looks like an issue in the current SHA256/512 code, where a pointer outside of the area pointed to may be constructed (this is UB in theory, though in practice every supported platform treats pointers as integers). I discovered this while investigating #14580. Sadly, it does not fix it. ACKs for commit c01c06: practicalswift: utACK c01c065b9ded3399a6a480f15543827dd5e8eb4d Tree-SHA512: 47660e00f164f38c36a1ab46e52dd91cd33cfda6a6048d67541c2f8e73c050d4d9d81b5c149bfad281212d52f204f57bebf5b19879dc7a6a5f48aa823fbc2c02
-rw-r--r--src/crypto/ripemd160.cpp2
-rw-r--r--src/crypto/sha1.cpp2
-rw-r--r--src/crypto/sha512.cpp2
3 files changed, 3 insertions, 3 deletions
diff --git a/src/crypto/ripemd160.cpp b/src/crypto/ripemd160.cpp
index a00331dcb7..edee06cc34 100644
--- a/src/crypto/ripemd160.cpp
+++ b/src/crypto/ripemd160.cpp
@@ -256,7 +256,7 @@ CRIPEMD160& CRIPEMD160::Write(const unsigned char* data, size_t len)
ripemd160::Transform(s, buf);
bufsize = 0;
}
- while (end >= data + 64) {
+ while (end - data >= 64) {
// Process full chunks directly from the source.
ripemd160::Transform(s, data);
bytes += 64;
diff --git a/src/crypto/sha1.cpp b/src/crypto/sha1.cpp
index 5c601c54a6..3dcdcb186e 100644
--- a/src/crypto/sha1.cpp
+++ b/src/crypto/sha1.cpp
@@ -163,7 +163,7 @@ CSHA1& CSHA1::Write(const unsigned char* data, size_t len)
sha1::Transform(s, buf);
bufsize = 0;
}
- while (end >= data + 64) {
+ while (end - data >= 64) {
// Process full chunks directly from the source.
sha1::Transform(s, data);
bytes += 64;
diff --git a/src/crypto/sha512.cpp b/src/crypto/sha512.cpp
index bc64135cae..4e6aa363f7 100644
--- a/src/crypto/sha512.cpp
+++ b/src/crypto/sha512.cpp
@@ -168,7 +168,7 @@ CSHA512& CSHA512::Write(const unsigned char* data, size_t len)
sha512::Transform(s, buf);
bufsize = 0;
}
- while (end >= data + 128) {
+ while (end - data >= 128) {
// Process full chunks directly from the source.
sha512::Transform(s, data);
data += 128;