Re: [hackers] [sbase][PATCH] libutil: Fix buffer overflows in 224-bit SHA

From: Carlos Torres <vlaadbrain_AT_gmail.com>
Date: Mon, 3 Nov 2025 13:01:32 -0500

On Mon, Nov 3, 2025 at 11:31 AM Roberto E. Vargas Caballero
<k0ga_AT_shike2.net> wrote:
>
> This seems ok to me. Can someone else check that we don't get the asan issue
> anymore?
>

This patch is confirmed. It fixes the stack-buffer-overflow at

    #0 0x555555559c60 in sha512_sum_n libutil/sha512.c:141
    #1 0x55555555a16b in sha512_224_sum libutil/sha512-224.c:25
    #2 0x555555557d39 in cryptsum libutil/crypt.c:172
    #3 0x5555555579fb in cryptmain libutil/crypt.c:147
    #4 0x555555556864 in main /home/cjt/src/sbase/sha512-224sum.c:41
    #5 0x7ffff7427674 (/usr/lib/libc.so.6+0x27674) (BuildId: 4fe011c94a88e8aeb6f2201b9eb369f42b4a1e9e)
    #6 0x7ffff7427728 in __libc_start_main (/usr/lib/libc.so.6+0x27728) (BuildId: 4fe011c94a88e8aeb6f2201b9eb369f42b4a1e9e)
    #7 0x555555556294 in _start (/home/cjt/src/sbase/sha512-224sum+0x2294) (BuildId: 5af6fd0aac9e2395c5eb9c0b5899b49357bcee77)

--Carlos
Received on Mon Nov 03 2025 - 19:01:32 CET
