blob: 6e9e0275b0255a05e6f69ac47571c14793f77be0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
The package app-crypt/mhash-0.9.9 as well as app-crypt/mhash-0.9.9-r1 are
affected by a bug which causes a NULL ptr dereference in whirlpool/snefru
digest-completion functionality.
In this patch, whirlpool and snefru's code is updated to bail if 'digest' is
NULL. The code portion aborted is only responsible for writing data to the
digest, so this appears to be correct behavior.
Patch already submitted upstream, but depending on speed, this may be faster to
patch in a new patchset.
Gentoo-Bug: 255131
Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=255131
Patch-URL: http://bugs.gentoo.org/attachment.cgi?id=178666&action=view
Signed-off-by: Thomas Harning <harningt@gmail.com>
--- a/lib/snefru.c
+++ b/lib/snefru.c
@@ -859,6 +859,8 @@
{
mutils_word32 i;
+ if(!digest) return;
+
for (i = 0; i < len; i++, digest += 4)
{
*(mutils_word32 *)digest = mutils_bend2sys32(ctx->hash[i]);
|