This repository has been archived by the owner on Jul 2, 2023. It is now read-only.
Hi there, we (Rust group @sslab-gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that in `Balloon::hash`

rust-balloons/src/balloon.rs, Lines 101 to 111 in 6b0ce59

An uninitialized buffer is used to make space for the final storage of the hash. This uninitialized buffer is passed straight to `HashAlgo::finalize_into`. We realize that `HashAlgo`s should only write to the hash `H`, but it is possible to implement a `HashAlgo` that reads and uses this uninitialized memory, which invokes undefined behavior in Rust.

Some measures you might consider to fix this:

* Zero initialize the hash (might come with a performance hit)
* `MaybeUninit` to `finalize_into` https://doc.rust-lang.org/std/mem/union.MaybeUninit.html#out-pointers
* `finalize_into` method as `unsafe` and document that the passed in hash should never be read.
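The `MaybeUninit` out-slot and zero-initialization measures from the report, as an added example in safe Rust (not code from rust-balloons or from the reporters). `ToyHashAlgo`, `XorFold`, `LEN` and both helper functions are hypothetical stand-ins; the crate's real `HashAlgo` signature is assumed, not reproduced.

```rust
use std::mem::MaybeUninit;

const LEN: usize = 8; // constructed digest length for this example

/// Hypothetical stand-in for the crate's `HashAlgo` trait (real signature not shown on the page).
trait ToyHashAlgo {
    fn update(&mut self, data: &[u8]);
    /// `out` is a write-only slot: an implementation cannot read it without `unsafe`.
    /// Returning the initialized reference means the caller never needs `assume_init`.
    fn finalize_into<'a>(self, out: &'a mut MaybeUninit<[u8; LEN]>) -> &'a mut [u8; LEN];
}

/// Toy XOR-fold "hash", constructed for this example; not cryptographic.
#[derive(Default)]
struct XorFold {
    state: [u8; LEN],
}

impl ToyHashAlgo for XorFold {
    fn update(&mut self, data: &[u8]) {
        for (i, b) in data.iter().enumerate() {
            self.state[i % LEN] ^= *b;
        }
    }
    fn finalize_into<'a>(self, out: &'a mut MaybeUninit<[u8; LEN]>) -> &'a mut [u8; LEN] {
        out.write(self.state) // initializes the slot and returns a reference to it
    }
}

/// Out-slot measure: pass uninitialized storage, read only what the callee returns.
fn hash_out_slot<A: ToyHashAlgo + Default>(data: &[u8]) -> [u8; LEN] {
    let mut slot = MaybeUninit::<[u8; LEN]>::uninit();
    let mut algo = A::default();
    algo.update(data);
    *algo.finalize_into(&mut slot)
}

/// Zero-initialization measure: the slot holds defined bytes before the callee runs.
fn hash_zeroed<A: ToyHashAlgo + Default>(data: &[u8]) -> [u8; LEN] {
    let mut slot = MaybeUninit::new([0u8; LEN]);
    let mut algo = A::default();
    algo.update(data);
    *algo.finalize_into(&mut slot)
}

fn main() {
    println!("{:02x?}", hash_out_slot::<XorFold>(b"balloon-hash"));
}
```

Because the caller copies the digest out of the returned reference, an implementation that never writes to `out` cannot cause an uninitialized read in the caller.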