Date: Mon, 14 May 2007 09:52:52 -0700 From: Colin Percival <cperciva@freebsd.org> To: Maxim Sobolev <sobomax@FreeBSD.org> Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libmd/i386 rmd160.S sha.S Message-ID: <464893E4.4020902@freebsd.org> In-Reply-To: <4648921F.1090407@FreeBSD.org> References: <200705140500.l4E50cSp082379@repoman.freebsd.org> <4648921F.1090407@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Maxim Sobolev wrote: > Colin Percival wrote: >> (1) The platform is i386. > [...] >> still be broken if conditions (1)-(3) apply AND the buffer extends >> beyond 4GB (i.e., there is an integer overflow in computing "data + >> len"). > > How that could be? Isn't userland address space on i386 limited by 4GB? Exactly -- that's why I said that the remaining bug replaces SIGSEGV (since a "correct" implementation would try to read kernel memory on its way towards an address overflow) with a bogus hash. This is strictly a "call us with bogus parameters, get a bogus result" issue. Colin Percival
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?464893E4.4020902>