Re: [hackers] [sbase][PATCH] libutil: Fix buffer overflows in 224-bit SHA

From: Roberto E. Vargas Caballero <k0ga_AT_shike2.net>
Date: Mon, 3 Nov 2025 17:30:56 +0100

Hi,

On Mon, Nov 03, 2025 at 05:46:05PM +0200, Santtu Lakkala wrote:
> Adjust buffer sizes for both SHA-256 and SHA-512 based 224-bit SHA
> checksums.
>
> Use a temporary buffer for SHA-512/224, as 224 is not multiple of 64-bit
> internal state array of SHA-512.

This seems ok to me. Can someone else check that we don't get the asan issue
anymore?

Regards,
Received on Mon Nov 03 2025 - 17:30:56 CET