From 23f678429764a718cd42b3755d81739ca77a3cca Mon Sep 17 00:00:00 2001 From: Colin Percival Date: Mon, 14 May 2007 05:00:37 +0000 Subject: [PATCH] Use unsigned comparisons. Prior to this commit, SHA1_Update and RIPEMD160_Update were broken when all of the following conditions applied: (1) The platform is i386. (2) The program calling *_Update is statically linked to libmd. (3) The buffer provided to *_Update is aligned modulo 4 bytes. (4) The buffer extends beyond 2GB. Due to the design of this code, SHA1_Update and RIPEMD160_Update will still be broken if conditions (1)-(3) apply AND the buffer extends beyond 4GB (i.e., there is an integer overflow in computing "data + len"). Since this remaining bug simply replaces SIGSEGV with a bogus hash (and non-broken programs should never provide such operands) I don't consider it to be a serious problem. MFC After: 1 week PR: kern/102795 --- lib/libmd/i386/rmd160.S | 3 ++- lib/libmd/i386/sha.S | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/libmd/i386/rmd160.S b/lib/libmd/i386/rmd160.S index 97193e9bad8d..7ccfb22daf12 100644 --- a/lib/libmd/i386/rmd160.S +++ b/lib/libmd/i386/rmd160.S @@ -1,3 +1,4 @@ +/* $FreeBSD$ */ /* Run the C pre-processor over this file with one of the following defined * ELF - elf object files, * OUT - a.out object files, @@ -2005,7 +2006,7 @@ ripemd160_block_x86: movl 112(%esp), %esi cmpl %esi, %edi movl 108(%esp), %edi - jge .L000start + jae .L000start addl $88, %esp popl %ebx popl %ebp diff --git a/lib/libmd/i386/sha.S b/lib/libmd/i386/sha.S index ae8f89ee8d0d..1e5201f5cb89 100644 --- a/lib/libmd/i386/sha.S +++ b/lib/libmd/i386/sha.S @@ -1,3 +1,4 @@ +/* $FreeBSD$ */ /* -*- Fundamental -*- Emacs' assembler mode hoses this file */ #ifndef PIC /* Run the C pre-processor over this file with one of the following defined @@ -1935,7 +1936,7 @@ sha1_block_x86: movl %edi, 16(%ebp) cmpl %esi, %eax movl %ebx, 4(%ebp) - jl .L001end + jb .L001end movl (%esi), %eax jmp .L000start .L001end: