New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SPHINCS+ memcpy source and destination overlap - undefined behavior #1038
Comments
Yikes -- good catch! Hard to believe the upstreams didn't encounter this before, at least PQClean: Shouldn't this issue then rather be opened there? |
Yes, thanks. Created an issue in PQClean that links to the one here. |
Is this still an issue with the new Sphincs+ code or can this be closed by now? |
I checked and it appears to not be an issue anymore with the current version. Closing. |
The SPHINCS+ implementations have cases of memcpy use where the source and destination overlap. According to the C standard and posix, memcpy behavior is undefined if memory regions overlap.
Detected using valgrind on ppc64le/Ubuntu focal. Memcpy implementations vary, so it seems to be not detected with valgrind on x86_64.
The cause in
gen_chain
:liboqs/src/sig/sphincs/pqclean_sphincs-haraka-128f-robust_clean/wots.c
Lines 37 to 44 in d9fb4e0
Used for example by
wots_gen_pk
, where src and dst are the same. The replicated code of all variants is affected:liboqs/src/sig/sphincs/pqclean_sphincs-haraka-128f-robust_clean/wots.c
Lines 122 to 123 in d9fb4e0
Using memmove would be the safe alternative, or avoid memcpy if src and dst are the same.
Below is the valgrind log. It's part of a constant-time check, but the issues detected are because of overlapping memory.
ppc64le.txt
The text was updated successfully, but these errors were encountered: