[openssl.org #2954] [PATCH] avoid memcpy for overlapping regions

Nickolai Zeldovich via RT Thu, 10 Jan 2013 06:29:00 -0800

Using memcpy on overlapping regions of memory is undefined behavior in C. 
In engines/ccgost/gosthash.c, the circle_xor8() function uses memcpy to 
copy data between the two arrays passed as arguments, but in some cases 
(e.g., the third call to circle_xor8 in hash_step() in the same file) the 
two arguments are identical.  Use memmove instead to avoid any problems.


Nickolai.

--- openssl-1.0.1c/engines/ccgost/gosthash.c    2009-12-22 06:52:15.000000000 
-0500
+++ openssl-1.0.1c/engines/ccgost/gosthash.c    2013-01-07 15:56:39.716975869 
-0500
@@ -42,7 +42,7 @@
        byte buf[8];
        int i;
        memcpy(buf,w,8);
-       memcpy(k,w+8,24);
+       memmove(k,w+8,24);
        for(i=0;i<8;i++)
                k[i+24]=buf[i]^k[i];
        }

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

[openssl.org #2954] [PATCH] avoid memcpy for overlapping regions

Reply via email to