diff options
author | Colin Percival <cperciva@FreeBSD.org> | 2007-05-14 05:00:37 +0000 |
---|---|---|
committer | Colin Percival <cperciva@FreeBSD.org> | 2007-05-14 05:00:37 +0000 |
commit | 23f678429764a718cd42b3755d81739ca77a3cca (patch) | |
tree | b68c78c20a409c80fe20928453eb710d7463f62e /lib/libmd/i386 | |
parent | c6507e5ed73d83c032fedea7ea8c04cbc9b2ea5e (diff) | |
download | src-23f678429764a718cd42b3755d81739ca77a3cca.tar.gz src-23f678429764a718cd42b3755d81739ca77a3cca.zip |
Use unsigned comparisons. Prior to this commit, SHA1_Update and
RIPEMD160_Update were broken when all of the following conditions
applied:
(1) The platform is i386.
(2) The program calling *_Update is statically linked to libmd.
(3) The buffer provided to *_Update is aligned modulo 4 bytes.
(4) The buffer extends beyond 2GB.
Due to the design of this code, SHA1_Update and RIPEMD160_Update will
still be broken if conditions (1)-(3) apply AND the buffer extends
beyond 4GB (i.e., there is an integer overflow in computing "data + len").
Since this remaining bug simply replaces SIGSEGV with a bogus hash (and
non-broken programs should never provide such operands) I don't consider
it to be a serious problem.
MFC After: 1 week
PR: kern/102795
Notes
Notes:
svn path=/head/; revision=169547
Diffstat (limited to 'lib/libmd/i386')
-rw-r--r-- | lib/libmd/i386/rmd160.S | 3 | ||||
-rw-r--r-- | lib/libmd/i386/sha.S | 3 |
2 files changed, 4 insertions, 2 deletions
diff --git a/lib/libmd/i386/rmd160.S b/lib/libmd/i386/rmd160.S index 97193e9bad8d..7ccfb22daf12 100644 --- a/lib/libmd/i386/rmd160.S +++ b/lib/libmd/i386/rmd160.S @@ -1,3 +1,4 @@ +/* $FreeBSD$ */ /* Run the C pre-processor over this file with one of the following defined * ELF - elf object files, * OUT - a.out object files, @@ -2005,7 +2006,7 @@ ripemd160_block_x86: movl 112(%esp), %esi cmpl %esi, %edi movl 108(%esp), %edi - jge .L000start + jae .L000start addl $88, %esp popl %ebx popl %ebp diff --git a/lib/libmd/i386/sha.S b/lib/libmd/i386/sha.S index ae8f89ee8d0d..1e5201f5cb89 100644 --- a/lib/libmd/i386/sha.S +++ b/lib/libmd/i386/sha.S @@ -1,3 +1,4 @@ +/* $FreeBSD$ */ /* -*- Fundamental -*- Emacs' assembler mode hoses this file */ #ifndef PIC /* Run the C pre-processor over this file with one of the following defined @@ -1935,7 +1936,7 @@ sha1_block_x86: movl %edi, 16(%ebp) cmpl %esi, %eax movl %ebx, 4(%ebp) - jl .L001end + jb .L001end movl (%esi), %eax jmp .L000start .L001end: |