Re: Bug#866890: pspp - cve-2017-10791 - cve-2017-10792
From: Friedrich Beckmann
Subject: Re: Bug#866890: pspp - cve-2017-10791 - cve-2017-10792
Date: Tue, 4 Jul 2017 07:38:05 +0200
Hi John,
> On 04.07.2017 at 07:10, John Darrington <address@hidden> wrote:
>
> On Mon, Jul 03, 2017 at 11:37:30PM +0200, Friedrich Beckmann wrote:
> Hi John,
>
> today I looked a little bit at the hash function. I think the problem is
> that, compared to the referenced code, the x parameter is of type int
> instead of unsigned int. Googling around: the overflow behavior of signed
> and the right shift of signed are not defined in the C standard, although
> "many" implementations assume a two's complement signed implementation.
> Both are well defined for unsigned int operations.
>
> Ahh. Perhaps you're right. But I cannot see that this would cause a crash,
> so I suspect that's
> another problem.
They compiled with a compiler switch -fsanitized=undefined. I assume that this
produces the crash.
> I changed the parameter type from int to unsigned int and I cannot see a
> problem in the regression.
>
> What problems did you encounter before your change (if any)?
I encountered no problems. At first I assumed that they use some form of static
code analysis. Then I tried
to run our regression with the above mentioned switch but on MacOS I
encountered some compile problems.
In my view the behavior in our code might produce a bad hash, as it deviates
from the original code because the right shift is different for int and
unsigned int. But I cannot see how this produces a security vulnerability.
Friedrich
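As an added illustration (not code from this thread or from pspp), the following C program assumes a Jenkins/Wang-style 32-bit integer mixing sequence for the hash and shows the point made above: with an unsigned parameter every step is well defined, while with an int parameter the right shifts sign-extend on two's-complement targets and the intermediate subtractions and left shifts overflow, which is undefined behavior and exactly what a build with `-fsanitize=undefined` reports at runtime. The signed variant is emulated here with unsigned operations so that the demonstration itself has no UB.

```c
#include <stdint.h>
#include <stdio.h>

/* Mixing sequence with unsigned arithmetic only: wraparound and right
 * shift are fully defined. (Constructed example; the step sequence is an
 * assumption, not the project's own hash code.) */
uint32_t mix_unsigned(uint32_t x)
{
    x -= x << 6;
    x ^= x >> 17;
    x -= x << 9;
    x ^= x << 4;
    x -= x << 3;
    x ^= x << 10;
    x ^= x >> 15;
    return x;
}

/* Emulates, with well-defined unsigned operations, what a typical compiler
 * generates for a signed right shift: an arithmetic shift that copies the
 * sign bit. Right-shifting a negative signed value is implementation-defined. */
static uint32_t arith_shr(uint32_t v, unsigned n)
{
    uint32_t r = v >> n;
    if (v & 0x80000000u)
        r |= ~0u << (32 - n);          /* fill the vacated high bits with ones */
    return r;
}

/* Same steps as mix_unsigned, but with the right shifts behaving as they
 * would on an int parameter. The subtractions and left shifts are kept in
 * uint32_t so this emulation has no UB; on a real int they would overflow
 * once bit 31 is set, which is undefined and what UBSan flags. */
uint32_t mix_signed_emulated(uint32_t x)
{
    x -= x << 6;
    x ^= arith_shr(x, 17);
    x -= x << 9;
    x ^= x << 4;
    x -= x << 3;
    x ^= x << 10;
    x ^= arith_shr(x, 15);
    return x;
}

int main(void)
{
    uint32_t x = 0x80000000u;          /* INT_MIN bit pattern: constructed input */
    printf("unsigned: %08x  int-style: %08x\n",
           (unsigned) mix_unsigned(x), (unsigned) mix_signed_emulated(x));
    return 0;
}
```

The two results differ for any input whose intermediate value gets bit 31 set before a right shift, which for this sequence is every input except zero; that is the "bad hash" deviation from the reference, separate from the undefined overflow that the sanitizer aborts on.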