[hipl-dev] [Bug 667764] Re: Out-of-bounds array access in DH key generation

  • From: Stefan Götz <667764@xxxxxxxxxxxxxxxxxx>
  • To: hipl-dev@xxxxxxxxxxxxx
  • Date: Fri, 12 Nov 2010 16:54:24 -0000

** Changed in: hipl
       Status: Fix Committed => Fix Released

-- 
Out-of-bounds array access in DH key generation
https://bugs.launchpad.net/bugs/667764
You received this bug notification because you are a member of HIPL core
team, which is subscribed to HIPL.

Status in Host Identity Protocol for Linux: Fix Released

Bug description:
Compiling with -O3 fails, revealing an out-of-bounds access to an array in 
hipd/dh.c:hip_regen_dh_keys()

lib/core/crypto.h:
#define HIP_MAX_DH_GROUP_ID           7

hipd/dh.c:
DH *dh_table[HIP_MAX_DH_GROUP_ID] = {0};
[...]
    for (i = 1; i <= HIP_MAX_DH_GROUP_ID; i++) {
[...]
            okey        = dh_table[i];
            dh_table[i] = tmp;
[...]
    }

It seems that the array dh_table with 7 entries is accessed at index 7, i.e., 
beyond its actual size.
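
The indexing problem described in the report, as an added example that is not HIPL's code and not necessarily the fix that was released: because group IDs 1..HIP_MAX_DH_GROUP_ID are used directly as indices, the table needs HIP_MAX_DH_GROUP_ID + 1 slots, and a compile-time check plus a range-checked accessor keep the two in step. DH is a stand-in struct here, and DH_TABLE_SLOTS, fresh_keys, dh_table_swap and regen_dh_keys_checked are hypothetical names.

```c
#include <stddef.h>

#define HIP_MAX_DH_GROUP_ID 7

/* Stand-in for OpenSSL's DH type so this builds without libcrypto. */
typedef struct { int group_id; } DH;

/* Group IDs 1..HIP_MAX_DH_GROUP_ID are used directly as indices, so the
 * table needs one slot more than the highest ID (slot 0 stays unused).
 * DH_TABLE_SLOTS is a hypothetical name, not taken from HIPL. */
#define DH_TABLE_SLOTS (HIP_MAX_DH_GROUP_ID + 1)

static DH *dh_table[DH_TABLE_SLOTS];
static DH  fresh_keys[DH_TABLE_SLOTS];   /* constructed sample keys */

/* Fail the build if the table is ever shrunk below the highest group ID. */
_Static_assert(sizeof(dh_table) / sizeof(dh_table[0]) > HIP_MAX_DH_GROUP_ID,
               "dh_table must be indexable by HIP_MAX_DH_GROUP_ID");

/* Hypothetical helper: install new_key for group_id and hand back the old
 * key. Returns -1 and touches nothing if group_id is outside 1..max. */
int dh_table_swap(int group_id, DH *new_key, DH **old_key)
{
    if (group_id < 1 || group_id > HIP_MAX_DH_GROUP_ID)
        return -1;
    *old_key = dh_table[group_id];
    dh_table[group_id] = new_key;
    return 0;
}

/* Same loop bounds as in the report; returns the number of keys replaced. */
int regen_dh_keys_checked(void)
{
    int replaced = 0;
    for (int i = 1; i <= HIP_MAX_DH_GROUP_ID; i++) {
        DH *okey = NULL;
        fresh_keys[i].group_id = i;
        if (dh_table_swap(i, &fresh_keys[i], &okey) != 0)
            return -1;
        (void) okey;   /* real code would release the old key here */
        replaced++;
    }
    return replaced;
}

int main(void)
{
    return regen_dh_keys_checked() == HIP_MAX_DH_GROUP_ID ? 0 : 1;
}
```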
