NIIBE Yutaka <gni...@fsij.org> writes:

> Thank you for forwarding the bug report.
>
> Fixed both for master and LIBGCRYPT-1-7-BRANCH.

Thanks.

> Yes. While the patch is right, I followed the suggestion for less
> surprise.

Fair enough.

> While there is the API, I don't know the real use case. So, I did
> search:
>
> https://codesearch.debian.net/search?q=mpi_set_flag.*GCRYMPI_FLAG_SECURE
>
> and seccure-0.5_1 has use cases. Since all use cases are
> gcry_mpi_scan then gcry_mpi_set_flag, I think that those cases are
> safe for heap corruption.

Alas not. I found this bug because seccure-0.5_1 broke on amd64 (and I
couldn't mount my backup disks again until I fixed it). What happened
is that `gcry_mpi_scan' returned a bignum with alloced = 5 and nlimbs =
4; zeroizing the limb vector clobbered the secure-memory pool structure
in a way I didn't investigate too carefully, but the result was that
`mb_get_new' thought that the pool was full and `gcry_malloc_secure'
failed. As far as I can make out, `seccure-decrypt' can't decrypt
anything at all on amd64.

-- [mdw]