BLAKE2b_Update can pass NULL to memcpy (undefined behavior) #8576
Comments
I think passing NULL to EVP_DigestUpdate is a misuse of the API, but if you really want, you can just let it return when the size is 0.

In my opinion that would be better. This is the only instance of NULL as a parameter to memcpy across all digests and symmetric ciphers in OpenSSL I found with fuzz testing.

My proposed fix for this in #8587.
mattcaswell added a commit to mattcaswell/openssl that referenced this issue Mar 26, 2019

We treat that as automatic success. Other EVP_*Update functions already do this (e.g. EVP_EncryptUpdate, EVP_DecryptUpdate etc). EVP_EncodeUpdate is a bit of an anomaly. That treats 0 byte input length as an error.

Fixes openssl#8576
levitte pushed a commit that referenced this issue Mar 27, 2019

We treat that as automatic success. Other EVP_*Update functions already do this (e.g. EVP_EncryptUpdate, EVP_DecryptUpdate etc). EVP_EncodeUpdate is a bit of an anomaly. That treats 0 byte input length as an error.

Fixes #8576
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from #8587)
(cherry picked from commit a8274ea)
The following code will result in the second `memcpy` in `BLAKE2b_Update` having `NULL` as an argument:

C++:

I'm specifically using C++ and an std::vector as input here, because it demonstrates that `EVP_DigestUpdate` can reasonably receive a NULL pointer for its data parameter and `0` for its size parameter; an empty vector, as in this example, will (or can) return NULL from its `data` method.

To put it differently:

Passing NULL to `memcpy` is undefined behavior and can lead to crashes: https://gcc.gnu.org/gcc-4.9/porting_to.html

Hence it would be best if the second `memcpy` gets wrapped in something like

```c
if ( datalen ) { memcpy(c->buf + c->buflen, in, datalen); }
```
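The guard suggested above, together with the "zero-length input is automatic success" behaviour described in the fix commit, shown on a generic block-buffered update routine. This is an added example, not OpenSSL's code: `toy_ctx`, `toy_init`, `toy_update`, the 16-byte block size and the FNV-1a stand-in for the compression function are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BLOCK 16                /* toy block size, not BLAKE2b's */

typedef struct {
    uint64_t h;                 /* running state */
    unsigned char buf[BLOCK];   /* bytes not yet compressed */
    size_t buflen;
} toy_ctx;

/* Stand-in compression (FNV-1a over one block), not a real hash core. */
static void toy_compress(toy_ctx *c, const unsigned char *blk)
{
    for (size_t i = 0; i < BLOCK; i++)
        c->h = (c->h ^ blk[i]) * 0x100000001b3ULL;
}

void toy_init(toy_ctx *c)
{
    c->h = 0xcbf29ce484222325ULL;
    c->buflen = 0;
}

/* Returns 1 on success, 0 on error. A zero-length update is an automatic
 * success and never reaches memcpy, so data may be NULL when len == 0. */
int toy_update(toy_ctx *c, const void *data, size_t len)
{
    const unsigned char *in = data;
    if (len == 0)
        return 1;
    if (in == NULL)
        return 0;               /* NULL with a non-zero length: caller bug */
    if (c->buflen > 0) {        /* top up a partially filled buffer first */
        size_t fill = len < BLOCK - c->buflen ? len : BLOCK - c->buflen;
        memcpy(c->buf + c->buflen, in, fill);
        c->buflen += fill; in += fill; len -= fill;
        if (c->buflen == BLOCK) {
            toy_compress(c, c->buf);
            c->buflen = 0;
        }
    }
    for (; len >= BLOCK; in += BLOCK, len -= BLOCK)
        toy_compress(c, in);    /* whole blocks straight from the input */
    if (len > 0) {              /* tail copy, guarded as the issue suggests */
        memcpy(c->buf + c->buflen, in, len);
        c->buflen += len;
    }
    return 1;
}
```

Building with `-fsanitize=undefined` reports a NULL argument to `memcpy` at run time if either guard is removed and the function is called with `(NULL, 0)`.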