Fwd: mpi_set_secure leads to heap corruption
Andreas Metzler
ametzler at bebt.de
Tue Jul 4 19:34:21 CEST 2017
On 2017-07-04 NIIBE Yutaka <gniibe at fsij.org> wrote:
[...]
> Fixed both for master and LIBGCRYPT-1-7-BRANCH.
[...]
> While there is the API, I don't know the real use case. So, I did
> search:
> https://codesearch.debian.net/search?q=mpi_set_flag.*GCRYMPI_FLAG_SECURE
> and seccure-0.5_1 has use cases. Since all use cases are gcry_mpi_scan
> then gcry_mpi_set_flag, I think that those cases are safe for heap
> corruption.
Thanks. Supersonic fix + checking for amount of actual breakage. :-)