Stefan Götz has proposed merging lp:~stefan.goetz/hipl/dh-key-generation-fixes into lp:hipl.

Requested reviews:
  HIPL core team (hipl-core)

Fixes an out-of-bounds access to an array which prevented compiling HIPL at optimization level 3
--
https://code.launchpad.net/~stefan.goetz/hipl/dh-key-generation-fixes/+merge/39757
Your team HIPL core team is requested to review the proposed merge of lp:~stefan.goetz/hipl/dh-key-generation-fixes into lp:hipl.

=== modified file 'hipd/dh.c' --- hipd/dh.c 2010-10-15 15:29:14 +0000 +++ hipd/dh.c 2010-11-01 16:13:50 +0000 @@ -40,6 +40,15 @@ #include "lib/core/debug.h" #include "dh.h" +/** + * This table holds Diffie-Hellman values used during HIP BEXs. + * These values are generated when the HIP daemon starts and valid for its + * lifetime. + * Each array element corresponds to a DH value of a specific DH group. + * The valid groups are defined in RFC 5201, section 5.2.6. + * This array is indexed by the Group ID value defined in the RFC. + * Note that this means that the array element at index 0 is thus unused. + */ DH *dh_table[HIP_MAX_DH_GROUP_ID] = {0}; /** @@ -53,6 +62,12 @@ int res; DH *tmp; + if (group_id <= 0 || group_id >= HIP_MAX_DH_GROUP_ID) { + HIP_ERROR("The Group ID %d is invalid\n", group_id); + res = -1; + goto err_free; + } + /* * First check that we have the key available. * Then encode it into the buffer @@ -105,6 +120,11 @@ int err = 0; DH *tmp; + if (group_id <= 0 || group_id >= HIP_MAX_DH_GROUP_ID) { + HIP_ERROR("The Group ID %d is invalid\n", group_id); + return -1; + } + /* * First check that we have the key available. * Then encode it into the buffer @@ -146,7 +166,7 @@ maxmask = (1 << (HIP_MAX_DH_GROUP_ID + 1)) - 1; bitmask &= maxmask; - for (i = 1; i <= HIP_MAX_DH_GROUP_ID; i++) { + for (i = 1; i < HIP_MAX_DH_GROUP_ID; i++) { if (bitmask & (1 << i)) { tmp = hip_generate_dh_key(i); if (!tmp) {
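
Review bot: The new comment on dh_table (hunk -40,6 +40,15) says index 0 is unused but never states the upper bound. The array is declared with HIP_MAX_DH_GROUP_ID elements, so the highest usable Group ID is HIP_MAX_DH_GROUP_ID - 1, not HIP_MAX_DH_GROUP_ID as the name suggests. Adding that sentence documents the invariant that the range checks and the loop bound later in this patch depend on.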
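
Review bot: The range check added in hunk -53,6 +62,12 leaves through goto err_free while tmp is still unassigned (the context declares it as DH *tmp; with no initializer). If the err_free path frees or inspects tmp, a rejected Group ID becomes a use of an uninitialized pointer. Either initialize tmp to NULL at its declaration or return -1 directly, as the same check does in the next hunk.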
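
Review bot: The check added in hunk -105,6 +120,11 is a verbatim copy of the one in the previous hunk but exits differently (return -1 here, res = -1; goto err_free there). Consider moving the test group_id <= 0 || group_id >= HIP_MAX_DH_GROUP_ID into one small static helper so that every access to dh_table shares a single bound and the two copies cannot drift apart.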
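
Review bot: In hunk -146,7 +166,7 the loop now stops at HIP_MAX_DH_GROUP_ID - 1, but the unchanged context line maxmask = (1 << (HIP_MAX_DH_GROUP_ID + 1)) - 1; still keeps bit HIP_MAX_DH_GROUP_ID (and bit 0) in bitmask. A caller that sets that bit now has it silently ignored instead of triggering the out-of-bounds access. Tighten the mask to match the new bound, for example (1 << HIP_MAX_DH_GROUP_ID) - 1 with bit 0 cleared, or report an error when bits outside 1..HIP_MAX_DH_GROUP_ID - 1 are set.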