[gnutls-devel] GnuTLS | Unintended use of sizeof() on pointer (#1076)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Wed Aug 26 11:48:22 CEST 2020
Antonio de la Piedra created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1076
Hello,
I found two places in GnuTLS were sizeof() is used on a pointer:
1. lib/accelerated/x86/x86-common.c, line 315
```
static int check_phe_partial(void)
{
const char *text = "test and test";
uint32_t iv[5] = { 0x67452301UL, 0xEFCDAB89UL,
0x98BADCFEUL, 0x10325476UL, 0xC3D2E1F0UL
};
padlock_sha1_blocks(iv, text, sizeof(text) - 1);
padlock_sha1_blocks(iv, text, sizeof(text) - 1);
if (iv[0] == 0x9096E2D8UL && iv[1] == 0xA33074EEUL &&
iv[2] == 0xCDBEE447UL && iv[3] == 0xEC7979D2UL &&
iv[4] == 0x9D3FF5CFUL)
return 1;
else
return 0;
}
```
The sizeof of the pointer text is taken in padlock_sha1_blocks (it is always 7).
2. tests/suite/mini-record-timing.c, line 235
```
ret = gnutls_record_send(session, text, sizeof(text));
```
where text is a pointer.
Best regards,
Antonio
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1076
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200826/3ee55564/attachment.html>
More information about the Gnutls-devel
mailing list