Fix stack clobber in new uuid-ossp code.

The V5 (SHA1 hashing) code wrote 20 bytes into a 16-byte local variable. This had accidentally failed to fail in my testing and Matteo's, but buildfarm results exposed the problem.
author: Tom Lane <tgl@sss.pgh.pa.us> 2014-05-28 11:50:41 -0400
committer: Tom Lane <tgl@sss.pgh.pa.us> 2014-05-28 11:50:41 -0400
commit: 2103218dd4a0c6a44d05c09c066da20e1c2360fb (patch)
tree: 8ab065a4e66075d75d553ea6b698b7cb18545038 /contrib/uuid-ossp
parent: 8232d6df4c943a30c08e65d7ea893cb762bc5612 (diff)
download: postgresql-2103218dd4a0c6a44d05c09c066da20e1c2360fb.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/contrib/uuid-ossp/uuid-ossp.c b/contrib/uuid-ossp/uuid-ossp.c
index f8c33d2b46..88da168388 100644
--- a/contrib/uuid-ossp/uuid-ossp.c
+++ b/contrib/uuid-ossp/uuid-ossp.c
@@ -316,16 +316,19 @@ uuid_generate_internal(int v, unsigned char *ns, char *ptr, int len)
 					MD5Init(&ctx);
 					MD5Update(&ctx, ns, sizeof(uu));
 					MD5Update(&ctx, (unsigned char *) ptr, len);
+					/* we assume sizeof MD5 result is 16, same as UUID size */
 					MD5Final((unsigned char *) &uu, &ctx);
 				}
 				else
 				{
 					SHA1_CTX	ctx;
+					unsigned char sha1result[SHA1_RESULTLEN];
 
 					SHA1Init(&ctx);
 					SHA1Update(&ctx, ns, sizeof(uu));
 					SHA1Update(&ctx, (unsigned char *) ptr, len);
-					SHA1Final((unsigned char *) &uu, &ctx);
+					SHA1Final(sha1result, &ctx);
+					memcpy(&uu, sha1result, sizeof(uu));
 				}
 
 				/* the calculated hash is using local order */
author	Tom Lane <tgl@sss.pgh.pa.us>	2014-05-28 11:50:41 -0400
committer	Tom Lane <tgl@sss.pgh.pa.us>	2014-05-28 11:50:41 -0400
commit	2103218dd4a0c6a44d05c09c066da20e1c2360fb (patch)
tree	8ab065a4e66075d75d553ea6b698b7cb18545038 /contrib/uuid-ossp
parent	8232d6df4c943a30c08e65d7ea893cb762bc5612 (diff)
download	postgresql-2103218dd4a0c6a44d05c09c066da20e1c2360fb.tar.gz