[PATCH 4/6] Fix undefined behavior wrt memcpy

Peter Wu peter at lekensteyn.nl
Thu Jul 9 17:11:34 CEST 2015


* cipher/cipher-gcm.c: Do not copy zero bytes from an empty buffer. Let
  the function continue to add padding as needed though.
* cipher/mac-poly1305.c: If the caller requested to finish the hash
  function without a copy of the result, return immediately.
--
Caught by UndefinedBehaviorSanitizer.

Signed-off-by: Peter Wu <peter at lekensteyn.nl>
---
 cipher/cipher-gcm.c   | 2 +-
 cipher/mac-poly1305.c | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c
index 6b13fc5..3711a1d 100644
--- a/cipher/cipher-gcm.c
+++ b/cipher/cipher-gcm.c
@@ -474,7 +474,7 @@ do_ghash_buf(gcry_cipher_hd_t c, byte *hash, const byte *buf,
 
   do
     {
-      if (buflen + unused < blocksize || unused > 0)
+      if (buflen > 0 && (buflen + unused < blocksize || unused > 0))
         {
           n = blocksize - unused;
           n = n < buflen ? n : buflen;
diff --git a/cipher/mac-poly1305.c b/cipher/mac-poly1305.c
index 76b369a..b80f87d 100644
--- a/cipher/mac-poly1305.c
+++ b/cipher/mac-poly1305.c
@@ -260,6 +260,9 @@ poly1305mac_read (gcry_mac_hd_t h, unsigned char *outbuf, size_t *outlen)
       mac_ctx->marks.tag = 1;
     }
 
+  if (*outlen == 0)
+    return 0;
+
   if (*outlen <= POLY1305_TAGLEN)
     buf_cpy (outbuf, mac_ctx->tag, *outlen);
   else
-- 
2.4.4




More information about the Gcrypt-devel mailing list