diff options
author | Tom Lane <tgl@sss.pgh.pa.us> | 2014-05-28 11:50:41 -0400 |
---|---|---|
committer | Tom Lane <tgl@sss.pgh.pa.us> | 2014-05-28 11:50:41 -0400 |
commit | 2103218dd4a0c6a44d05c09c066da20e1c2360fb (patch) | |
tree | 8ab065a4e66075d75d553ea6b698b7cb18545038 /contrib/uuid-ossp | |
parent | 8232d6df4c943a30c08e65d7ea893cb762bc5612 (diff) | |
download | postgresql-2103218dd4a0c6a44d05c09c066da20e1c2360fb.tar.gz |
Fix stack clobber in new uuid-ossp code.
The V5 (SHA1 hashing) code wrote 20 bytes into a 16-byte local variable.
This had accidentally failed to fail in my testing and Matteo's, but
buildfarm results exposed the problem.
Diffstat (limited to 'contrib/uuid-ossp')
-rw-r--r-- | contrib/uuid-ossp/uuid-ossp.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/contrib/uuid-ossp/uuid-ossp.c b/contrib/uuid-ossp/uuid-ossp.c index f8c33d2b46..88da168388 100644 --- a/contrib/uuid-ossp/uuid-ossp.c +++ b/contrib/uuid-ossp/uuid-ossp.c @@ -316,16 +316,19 @@ uuid_generate_internal(int v, unsigned char *ns, char *ptr, int len) MD5Init(&ctx); MD5Update(&ctx, ns, sizeof(uu)); MD5Update(&ctx, (unsigned char *) ptr, len); + /* we assume sizeof MD5 result is 16, same as UUID size */ MD5Final((unsigned char *) &uu, &ctx); } else { SHA1_CTX ctx; + unsigned char sha1result[SHA1_RESULTLEN]; SHA1Init(&ctx); SHA1Update(&ctx, ns, sizeof(uu)); SHA1Update(&ctx, (unsigned char *) ptr, len); - SHA1Final((unsigned char *) &uu, &ctx); + SHA1Final(sha1result, &ctx); + memcpy(&uu, sha1result, sizeof(uu)); } /* the calculated hash is using local order */ |