FYI... On Tue, Jan 10, 2017 at 7:44 AM, Boldizsár Lipka <[email protected]> wrote: > Hi, > > > I found an issue in the implementation of the Crypto++ function > RoundUpToMultipleOf (misc.h:745). The function is used at multiple places > throughout the code, so the bug *might* have security implications, hence > I'm reporting via email. > > > misc.h:748 incorrectly assumes that the maximal value of type T1 is > SIZE_MAX/sizeof(T1), which causes RoundUpToMultipleOf to detect integer > overflows incorrectly. The branch condition gives false positives for large > 64-bit integers and false negatives for smaller types. See the attached > source code for examples. Additionally, the documentation states that > RoundUpToMultipleOf returns n + n%m, while in fact it returns (as it should) > n + (m-n%m)%m. > > > Regards, > > Boldizsár Lipka
-- -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
