New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
KMAC buffer overflow fix #14810
KMAC buffer overflow fix #14810
Conversation
I've also run through and converted the sizes to size_t. |
Previously there was an off by two error allowing a stack buffer overrun. Avoided this by allocating a correct sized buffer on the stack. A side effect is that the maximum size of the customisation string can be increased.
Should be all happy for a re-review now. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me.. A few negative tests might be good.
e.g Custom string = 256 bytes..
Added an overly long customisation string test case (257 characters). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approved if test pass..
Pauli can you try to remember to add the #fixes to the description at the top please... ( I added it here and in another recent PR). |
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from #14810)
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from #14810)
Previously there was an off by two error allowing a stack buffer overrun. Avoided this by allocating a correct sized buffer on the stack. A side effect is that the maximum size of the customisation string can be increased. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from #14810)
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from #14810)
Merged to master, I'll try to remember to include the fixes. |
Fixes a buffer overflow (two byte on the stack).
Also increases the length of the customisation string.
Fixes #14795