
Re: Bug#866890: pspp - cve-2017-10791 - cve-2017-10792

Hi John,

today I looked a little bit at the hash function. I think the problem is that, compared to
the referenced code, the x parameter is of type int instead of unsigned int. Googling around: the
overflow behavior of signed integers and the right shift of signed integers are not defined in the C standard,
although "many?" implementations assume a two's complement signed representation. Both are well
defined for unsigned int operations.

I changed the parameter type from int to unsigned int and I cannot see a problem in the regression.

But looking at the code I wondered if this hash function also works on 64-bit architectures. The
reference only talks about uint32_t.



> On 03.07.2017 at 20:50, John Darrington <john@darrington.wattle.id.au> wrote:
> I suspect this report is mistaken.  But this bit is Ben's code, so I'll let him comment on
> that.
> J'
> On Mon, Jul 03, 2017 at 07:22:57AM +0200, Friedrich Beckmann wrote:
>     Dear owl337 team,
>     thanks for looking at pspp and finding the security problems
>     https://security-tracker.debian.org/tracker/CVE-2017-10791
>     and
>     https://security-tracker.debian.org/tracker/CVE-2017-10792
>     in pspp! Your reports are quite detailed. Could you describe how you found the problems, i.e. do
>     you have some information about collAFL?
>     Regards
>     Friedrich

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail
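The two points raised in the message above (signed vs. unsigned arithmetic in an integer mixing hash, and whether such a hash still behaves on 64-bit machines) as an added, self-contained example. This is not pspp's code and not the referenced implementation; it is a constructed 32-bit mixer in the style of Thomas Wang's hash32shift, with hypothetical names `mix32`, `mix_ulong`, `hash_int_value` and `long_width_changes_hash`. The `unsigned long` variant exists only to show why a type that is exactly 32 bits wide (uint32_t) matters and "some unsigned type" does not suffice.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not pspp's code: a 32-bit integer mixing function in the
 * style of Thomas Wang's hash32shift, written entirely over uint32_t.
 * With an unsigned 32-bit type every operation below is defined by the
 * C standard: addition and multiplication wrap modulo 2^32, and >> is a
 * logical shift that fills with zero bits.  The same steps over a signed
 * int would overflow (undefined behaviour) and right-shift negative
 * values (implementation-defined). */
static uint32_t
mix32 (uint32_t x)
{
  x = ~x + (x << 15);
  x ^= x >> 12;
  x += x << 2;
  x ^= x >> 4;
  x *= 2057;
  x ^= x >> 16;
  return x;
}

/* The identical steps over `unsigned long`.  On LP64 systems (64-bit
 * Linux, BSD, macOS) unsigned long is 64 bits wide, so the shifts and the
 * multiply no longer wrap at 32 bits and the result changes.  This is why
 * a reference written for uint32_t must be ported with uint32_t (or
 * unsigned int, which is 32 bits on all mainstream 64-bit ABIs), not long. */
static unsigned long
mix_ulong (unsigned long x)
{
  x = ~x + (x << 15);
  x ^= x >> 12;
  x += x << 2;
  x ^= x >> 4;
  x *= 2057;
  x ^= x >> 16;
  return x;
}

/* Accepting a plain int at the API boundary is fine as long as the value
 * is converted to uint32_t before any arithmetic: the conversion itself is
 * well defined (reduction modulo 2^32), and from then on nothing can
 * overflow or shift a negative value. */
static uint32_t
hash_int_value (int key)
{
  return mix32 ((uint32_t) key);
}

/* Returns 1 if doing the mixing in `unsigned long` yields different low
 * 32 bits than the uint32_t version, i.e. the hash would silently depend
 * on the platform's long width. */
static int
long_width_changes_hash (uint32_t key)
{
  return (uint32_t) mix_ulong (key) != mix32 (key);
}

int
main (void)
{
  /* Right shift of a negative int is implementation-defined: GCC and
   * Clang perform an arithmetic shift (sign bit copied in), whereas the
   * logical shift on the unsigned reinterpretation always fills with 0. */
  int neg = -8;
  printf ("(int)      -8 >> 1 = %d\n", neg >> 1);
  printf ("(uint32_t) -8 >> 1 = 0x%08x\n", (uint32_t) neg >> 1);

  printf ("mix32 (0)           = 0x%08x\n", mix32 (0));
  printf ("hash_int_value (-1) = 0x%08x\n", hash_int_value (-1));
  printf ("sizeof (unsigned long) = %zu; long width changes hash: %d\n",
          sizeof (unsigned long), long_width_changes_hash (0));
  return 0;
}
```

Compile with `-fsanitize=undefined` (GCC/Clang) while experimenting: the uint32_t version is silent, whereas a copy of `mix32` rewritten over `int` reports signed-overflow at the `x << 15` and `x *= 2057` steps for ordinary inputs, which is the class of defect the message is describing.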
