Date: Mon, 14 May 2007 05:00:38 +0000 (UTC)
From: Colin Percival <cperciva@FreeBSD.org>
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/lib/libmd/i386 rmd160.S sha.S
Message-ID: <200705140500.l4E50cSp082379@repoman.freebsd.org>

cperciva    2007-05-14 05:00:38 UTC

  FreeBSD src repository

  Modified files:
    lib/libmd/i386       rmd160.S sha.S
  Log:
  Use unsigned comparisons.

  Prior to this commit, SHA1_Update and RIPEMD160_Update were broken when
  all of the following conditions applied:
  (1) The platform is i386.
  (2) The program calling *_Update is statically linked to libmd.
  (3) The buffer provided to *_Update is aligned modulo 4 bytes.
  (4) The buffer extends beyond 2GB.

  Due to the design of this code, SHA1_Update and RIPEMD160_Update will
  still be broken if conditions (1)-(3) apply AND the buffer extends beyond
  4GB (i.e., there is an integer overflow in computing "data + len").
  Since this remaining bug simply replaces SIGSEGV with a bogus hash (and
  non-broken programs should never provide such operands) I don't consider
  it to be a serious problem.

  MFC After:      1 week
  PR:             kern/102795

  Revision  Changes    Path
  1.4       +2 -1      src/lib/libmd/i386/rmd160.S
  1.3       +2 -1      src/lib/libmd/i386/sha.S
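The signed/unsigned distinction the log describes, as an added C sketch that is not part of the commit and is not the libmd assembly. It models a 64-byte block loop over 32-bit addresses; the loop shape, the function names and the sample addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define BLOCK 64u /* SHA-1 and RIPEMD-160 both consume 64-byte blocks */

/* Signed 32-bit "less than" on raw register values, written without
 * implementation-defined casts: flipping the top bit maps signed order
 * onto unsigned order. */
static int signed_lt(uint32_t a, uint32_t b)
{
    return (a ^ 0x80000000u) < (b ^ 0x80000000u);
}

/* Hypothetical model (not the libmd code): count the blocks a
 * "while (data < end)" loop would consume on a 32-bit address space.
 * use_signed selects how the loop bound is compared. */
static uint32_t blocks_hashed(uint32_t data, uint32_t len, int use_signed)
{
    uint32_t end = data + len; /* wraps modulo 2^32, like an i386 register */
    uint32_t n = 0;

    while (use_signed ? signed_lt(data, end) : data < end) {
        data += BLOCK;
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed addresses: an 8 KiB buffer straddling the 2GB line,
     * and an 8 KiB buffer whose "data + len" wraps past 4GB. */
    printf("straddles 2GB, signed compare:   %u blocks\n",
           (unsigned)blocks_hashed(0x7FFFF000u, 0x2000u, 1));
    printf("straddles 2GB, unsigned compare: %u blocks\n",
           (unsigned)blocks_hashed(0x7FFFF000u, 0x2000u, 0));
    printf("wraps past 4GB, unsigned compare: %u blocks\n",
           (unsigned)blocks_hashed(0xFFFFF000u, 0x2000u, 0));
    return 0;
}
```

In this model the signed comparison sees the end address above 2GB as negative and stops before consuming any block, while the unsigned comparison consumes all 128. The wrapped case still consumes nothing under the unsigned comparison, which corresponds to the remaining "data + len" overflow the log mentions.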