
Re: Bug#866890: pspp - cve-2017-10791 - cve-2017-10792

Hi John,

> On 04.07.2017 at 07:10, John Darrington <john@darrington.wattle.id.au> wrote:
> On Mon, Jul 03, 2017 at 11:37:30PM +0200, Friedrich Beckmann wrote:
>     Hi John,
>     today I looked a little bit at the hash function. I think the problem is that, compared to
>     the referenced code, the x parameter is of type int instead of unsigned int. Googling around,
>     the overflow behavior of signed and the right shift of signed is not defined in the C standard,
>     although "many" implementations assume a two's complement signed implementation. Both are well
>     defined for unsigned int operations.
> Ahh.  Perhaps you're right.  But I cannot see that this would cause a crash, so I suspect that's
> another problem.

They compiled with a compiler switch -fsanitize=undefined. I assume that this produces the crash.

>     I changed the parameter type from int to unsigned int and I cannot see a problem in the regression.
> What problems did you encounter before your change (if any)?

I encountered no problems. At first I assumed that they use some form of static code analysis. Then I tried
to run our regression with the above mentioned switch but on MacOS I encountered some compile problems.

In my view the behavior in our code might produce a bad hash, as it deviates from the original code because the right
shift is different for int and unsigned int. But I cannot see how this produces a security vulnerability.
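The int-versus-unsigned difference discussed in this thread, shown on a constructed xorshift/multiply mixing step (this is an added illustration, not PSPP's hash code or any code from the thread; MIX_MULT and the function names are assumptions). The unsigned path is fully defined, the signed right shift of a negative operand is implementation-defined (sign-extending on GCC/Clang), and the signed multiply is the overflow that -fsanitize=undefined traps on; the overflow is only reported here, never executed.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed multiplier for a xorshift/multiply mixing step; not PSPP's own constant. */
#define MIX_MULT 0x45d9f3b

/* Well defined: unsigned right shift zero-fills, unsigned multiply wraps modulo 2^32. */
unsigned int mix_unsigned(unsigned int x)
{
    x ^= x >> 16;
    x *= (unsigned int) MIX_MULT;
    x ^= x >> 16;
    return x;
}

/* Shift-only step on an unsigned operand: the high bits are zero-filled. */
unsigned int shift_step_unsigned(unsigned int x)
{
    return x ^ (x >> 16);
}

/* Same step on a signed operand: for a negative x the right shift is
   implementation-defined; GCC and Clang copy the sign bit, so the result
   differs from the unsigned version whenever the top bit is set. */
int shift_step_signed(int x)
{
    return x ^ (x >> 16);
}

/* Report, without performing it, whether the signed multiply step would
   overflow; that overflow is the undefined behaviour UBSan reports at run time. */
bool signed_multiply_overflows(int x)
{
    int r;
    return __builtin_mul_overflow(x, MIX_MULT, &r);
}

int main(void)
{
    unsigned int u = 0x80000000u;   /* top bit set */
    int s = INT_MIN;                /* same bit pattern interpreted as int */
    printf("unsigned shift step: 0x%08x\n", shift_step_unsigned(u));
    printf("signed   shift step: 0x%08x\n", (unsigned int) shift_step_signed(s));
    printf("signed multiply would overflow: %s\n", signed_multiply_overflows(s) ? "yes" : "no");
    printf("unsigned mix(1): 0x%08x\n", mix_unsigned(1u));
    return 0;
}
```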

