Leaving this here as a reminder. SHA1 update is always called with a constant value or hardcoded size, but this should still be fixed.
```c
typedef struct _RIOT_SHA1_CONTEXT {
    sha1_quadbyte count[2];
    sha1_byte buffer[64];
} RIOT_SHA1_CONTEXT;

void RIOT_SHA1_Update(RIOT_SHA1_CONTEXT *context, const char *data, unsigned int len) {
    unsigned int j = (context->count[0] >> 3) & 63; // j = 0..63
    if ((j + len) > 63) // <--- int overflow INT_MAX + len < 63
    { /* do something */ }
    else
        memcpy(&context->buffer[j], &data[i], len - i); // i = 0
}
```
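The wraparound described above, shown beside an addition-free form of the same check. This is an added example, not the project's own code or fix; the helper names are hypothetical and the (j, len) pairs are constructed.

```c
#include <limits.h>
#include <stdio.h>

/* Added example: helper names are hypothetical, inputs are constructed. */

/* The issue's condition, inverted: 1 means the else branch (the direct
 * memcpy into buffer[j]) is taken. j + len is evaluated in unsigned int,
 * so a large len wraps the sum around to a small value. */
static int direct_copy_wrapping(unsigned int j, unsigned int len)
{
    return !((j + len) > 63);
}

/* Same decision without the addition. j is 0..63, so 63 - j cannot
 * underflow and len is compared as supplied. */
static int direct_copy_checked(unsigned int j, unsigned int len)
{
    return j <= 63 && len <= 63 - j;
}

/* Bytes a len-byte copy to buffer[j] would write past the 64-byte buffer
 * if the wrapping check let it through; 0 if it is rejected or fits. */
static unsigned long long overrun_if_wrapping(unsigned int j, unsigned int len)
{
    unsigned long long end = (unsigned long long)j + len;
    if (!direct_copy_wrapping(j, len) || end <= 64)
        return 0;
    return end - 64;
}

int main(void)
{
    /* Constructed (j, len) pairs: two ordinary calls and one oversized len. */
    const unsigned int cases[][2] = { {10, 20}, {60, 10}, {1, UINT_MAX} };
    for (size_t k = 0; k < sizeof cases / sizeof cases[0]; k++) {
        unsigned int j = cases[k][0], len = cases[k][1];
        printf("j=%2u len=%10u wrapping=%d checked=%d overrun=%llu\n",
               j, len, direct_copy_wrapping(j, len),
               direct_copy_checked(j, len), overrun_if_wrapping(j, len));
    }
    return 0;
}
```

The two checks agree for every in-range length and differ only when `j + len` exceeds `UINT_MAX`, which is the case the constant-size callers never reach today.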