* [PATCH] ell/tls: fix crash, don't index through adj. stack objs
@ 2019-10-28 19:41 Will Dietz
0 siblings, 0 replies; only message in thread
From: Will Dietz @ 2019-10-28 19:41 UTC (permalink / raw)
To: ell
[-- Attachment #1: Type: text/plain, Size: 1179 bytes --]
Building with clang may make this more likely to crash,
problem is encountered on ell/tls.c:114 (before).
Also, use memmove as src/dst may overlap.
---
ell/tls.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/ell/tls.c b/ell/tls.c
index 0e06c27..50df446 100644
--- a/ell/tls.c
+++ b/ell/tls.c
@@ -92,7 +92,8 @@ bool tls12_prf(enum l_checksum_type type,
{
struct l_checksum *hmac = l_checksum_new_hmac(type, secret, secret_len);
size_t a_len, chunk_len, prfseed_len = strlen(label) + seed_len;
- uint8_t a[128], prfseed[prfseed_len];
+ uint8_t a[128 + prfseed_len];
+ uint8_t *prfseed = &a[128];
if (!hmac)
return false;
@@ -108,10 +109,10 @@ bool tls12_prf(enum l_checksum_type type,
/* Generate A(i) */
l_checksum_reset(hmac);
l_checksum_update(hmac, a, a_len);
- a_len = l_checksum_get_digest(hmac, a, sizeof(a));
+ a_len = l_checksum_get_digest(hmac, a, 128);
/* Append seed & generate output */
- memcpy(a + a_len, prfseed, prfseed_len);
+ memmove(a + a_len, prfseed, prfseed_len);
l_checksum_reset(hmac);
l_checksum_update(hmac, a, a_len + prfseed_len);
--
2.24.0-rc1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2019-10-28 19:41 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-28 19:41 [PATCH] ell/tls: fix crash, don't index through adj. stack objs Will Dietz
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.