Out-of-bounds array access in DH key generation
Bug #667764 reported by
Stefan Götz
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
HIPL |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Compiling with -O3 fails revealing an out-of-bounds access to an array in hipd/dh.
lib/core/crypto.h:
#define HIP_MAX_DH_GROUP_ID 7
hipd/dh.c:
DH *dh_table[
[...]
for (i = 1; i <= HIP_MAX_
[...]
okey = dh_table[i];
[...]
}
It seems that the array dh_table with 7 entries is accessed at index 7, i.e., beyond it's actual size.
Related branches
lp:~stefan.goetz-deactivatedaccount/hipl/dh-key-generation-fixes
- Miika Komu: Approve
-
Diff: 53 lines (+21/-1)1 file modifiedhipd/dh.c (+21/-1)
Changed in hipl: | |
status: | New → Fix Committed |
Changed in hipl: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Change the <= to < and commit to trunk? Good catch.