diff options
| author | Wladimir J. van der Laan <laanwj@gmail.com> | 2019-05-16 16:23:12 +0200 |
|---|---|---|
| committer | Wladimir J. van der Laan <laanwj@gmail.com> | 2019-05-16 16:23:38 +0200 |
| commit | fd61b9fc22faaa946ca43211c6c43b40ca4a860c (patch) | |
| tree | 6675347c14e5602e64cda0b5d692bccaf20c0aef /src/crypto/ripemd160.cpp | |
| parent | 47ec8318a6576f704d0c8c9795e2717f4e34cd1d (diff) | |
| parent | c01c065b9ded3399a6a480f15543827dd5e8eb4d (diff) | |
| download | bitcoin-fd61b9fc22faaa946ca43211c6c43b40ca4a860c.tar.xz | |
Merge #15950: Do not construct out-of-bound pointers in SHA2 code
c01c065b9ded3399a6a480f15543827dd5e8eb4d Do not construct out-of-bound pointers in SHA512/SHA1/RIPEMD160 code (Pieter Wuille)
Pull request description:
This looks like an issue in the current SHA256/512 code, where a pointer outside of the area pointed to may be constructed (this is UB in theory, though in practice every supported platform treats pointers as integers).
I discovered this while investigating #14580. Sadly, it does not fix it.
ACKs for commit c01c06:
practicalswift:
utACK c01c065b9ded3399a6a480f15543827dd5e8eb4d
Tree-SHA512: 47660e00f164f38c36a1ab46e52dd91cd33cfda6a6048d67541c2f8e73c050d4d9d81b5c149bfad281212d52f204f57bebf5b19879dc7a6a5f48aa823fbc2c02
Diffstat (limited to 'src/crypto/ripemd160.cpp')
| -rw-r--r-- | src/crypto/ripemd160.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/crypto/ripemd160.cpp b/src/crypto/ripemd160.cpp index a00331dcb7..edee06cc34 100644 --- a/src/crypto/ripemd160.cpp +++ b/src/crypto/ripemd160.cpp @@ -256,7 +256,7 @@ CRIPEMD160& CRIPEMD160::Write(const unsigned char* data, size_t len) ripemd160::Transform(s, buf); bufsize = 0; } - while (end >= data + 64) { + while (end - data >= 64) { // Process full chunks directly from the source. ripemd160::Transform(s, data); bytes += 64; |