diff options
| author | Paul Eggert <eggert@cs.ucla.edu> | 2012-05-18 13:10:42 -0700 |
|---|---|---|
| committer | Paul Eggert <eggert@cs.ucla.edu> | 2012-05-18 13:11:59 -0700 |
| commit | 0403c76938c7f487d303818cd19a72a1b63eb94f (patch) | |
| tree | b77915d4432e5d29350f26e6d09be90a98c4fd8c /lib/md4.c | |
| parent | a7cb62bfec02bbcd5d200eeb1ce1f8a4fde631b8 (diff) | |
| download | gnulib-0403c76938c7f487d303818cd19a72a1b63eb94f.tar.gz | |
crypto: fix bug in large buffer handling
Problem reported by Serge Belyshev for glibc in
<http://sourceware.org/bugzilla/show_bug.cgi?id=14090> and for gnulib in
<http://lists.gnu.org/archive/html/bug-gnulib/2012-05/msg00226.html>.
* lib/md4.c (md4_process_block):
* lib/md5.c (md5_process_block):
* lib/sha1.c (sha1_process_block):
* lib/sha256.c (sha256_process_block):
Don't assume the buffer length is less than 2**32.
Diffstat (limited to 'lib/md4.c')
| -rw-r--r-- | lib/md4.c | 6 |
1 files changed, 3 insertions, 3 deletions
@@ -301,13 +301,13 @@ md4_process_block (const void *buffer, size_t len, struct md4_ctx *ctx) uint32_t B = ctx->B; uint32_t C = ctx->C; uint32_t D = ctx->D; + uint32_t lolen = len; /* First increment the byte count. RFC 1320 specifies the possible length of the file up to 2^64 bits. Here we only compute the number of bytes. Do a double word increment. */ - ctx->total[0] += len; - if (ctx->total[0] < len) - ++ctx->total[1]; + ctx->total[0] += lolen; + ctx->total[1] += (len >> 31 >> 1) + (ctx->total[0] < lolen); /* Process all bytes in the buffer with 64 bytes in each round of the loop. */ |