crypto/ripemd160: Correct badly sized union member
authorDavid Gibson <david@gibson.dropbear.id.au>
Sun, 2 Apr 2017 11:21:02 +0000 (21:21 +1000)
committerDavid Gibson <david@gibson.dropbear.id.au>
Wed, 5 Apr 2017 05:56:33 +0000 (15:56 +1000)
struct ripemd160_ctx has a union for converting between u8[] and u32[]
data.  Unfortunately the u32 array has a miscalculated size, half the size
of the u8 array.  That means some accesses which are within the union can
technically overrun the u32 array.

Found by Coverity scan.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
ccan/crypto/ripemd160/ripemd160.h

index 377a07df407fae01ef0b3ac0aaf8208aa62a8645..56854cff27766206b7451ae5cb09f3303dcfa2d2 100644 (file)
@@ -49,7 +49,7 @@ struct ripemd160_ctx {
        uint32_t s[5];
        uint64_t bytes;
        union {
-               uint32_t u32[8];
+               uint32_t u32[16];
                unsigned char u8[64];
        } buf;
 #endif