From: Giacomo Tesio
Date: Tue, 17 Jan 2017 21:59:17 +0100
Subject: out of bound access in libsec
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>, 9front@9front.org

Hi,
running coverity scan on libsec it reported two defects that do not seem false positives:

1. an out of bound access to aesXCBCmac (see https://github.com/JehanneOS/jehanne/issues/3 )
2. an out of bound access in msgRecv, tlshand.c:1809 (see https://github.com/JehanneOS/jehanne/issues/4 )

I verified that the code is more or less the same on 9front.
I "fixed" the first with an assert, but I'm not sure whether passing sizeof(m->u.finished.verify) to memset in the second is the correct solution.

Am I missing something?


Giacomo