From mboxrd@z Thu Jan 1 00:00:00 1970
From: Giacomo Tesio
Date: Tue, 17 Jan 2017 21:59:17 +0100
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>, 9front@9front.org
Subject: [9fans] out of bound access in libsec
Topicbox-Message-UUID: b1d879ba-ead9-11e9-9d60-3106f5b1d025

Hi, running coverity scan on libsec it reported two defects that do not seem false positives:

1. an out of bound access to aesXCBCmac (see https://github.com/JehanneOS/jehanne/issues/3 )
2. an out of bound access in msgRecv, tlshand.c:1809 (see https://github.com/JehanneOS/jehanne/issues/4 )

I verified that the code is more or less the same on 9front.
I "fixed" the first with an assert, but I'm not sure whether passing sizeof(m->u.finished.verify) to memset in the second is the correct solution.

Am I missing something?

Giacomo