Thanks for this analysis. I'll look at it when I have an hour or two; it's too tricky to fix in passing.
On Thu, Aug 15, 2013 at 12:30 PM, Laurent Alebarde <l.aleba...@free.fr> wrote: > Hi all, > > I am reviewing the curvezmq code with a debugger : > > Fact : > in curvezmq_codec.c (s_encrypt from s_produce_hello, line 288) : > memcpy (target, box + crypto_box_BOXZEROBYTES, size + > crypto_box_BOXZEROBYTES); > copies from (box + crypto_box_BOXZEROBYTES) (size + crypto_box_BOXZEROBYTES) > bytes > Debugger aborts (while the executable itself in a shell works well). > > Consequences : > 1) an amount of (crypto_box_BOXZEROBYTES) undefined bytes after the box > are copied to target, while the box is malloc-ed with a size of > (crypto_box_ZEROBYTES + size) > 2) the spec "target must be nonce + box" is not fullfilled since the > first crypto_box_BOXZEROBYTES bytes of the box are not copied to target (may > be ok since they are zeros) > > Possible solutions : > 1) change to : memcpy (target, box + crypto_box_BOXZEROBYTES, size); > and set appropriatly the remaining (crypto_box_BOXZEROBYTES) bytes > of target > 2) change to : memcpy (target, box, size + crypto_box_BOXZEROBYTES); > and adapt the size of target : hello_t.box becomes : bytes box[96] > 3) change to : memcpy (target, box + crypto_box_BOXZEROBYTES, size); > and adapt the size of target : hello_t.box becomes : bytes box[64] > > In addition : box should be malloc-ed with a size of > (crypto_box_BOXZEROBYTES + size) instead of (crypto_box_ZEROBYTES + size) > > Cheers, > > > Laurent. > > _______________________________________________ > zeromq-dev mailing list > zeromq-dev@lists.zeromq.org > http://lists.zeromq.org/mailman/listinfo/zeromq-dev > _______________________________________________ zeromq-dev mailing list zeromq-dev@lists.zeromq.org http://lists.zeromq.org/mailman/listinfo/zeromq-dev
