| author | Jim Meyering | 2011-05-28 14:19:08 +0200 |
|---|---|---|
| committer | Jim Meyering | 2011-05-28 14:19:08 +0200 |
| commit | 3eaff8342b4e193d142684f4ab03f391e3466c86 (patch) | |
| tree | d0e227b9c5e0985cd7959e9ac35d571f3abbb41c /src | |
| parent | d451b0879113e2dca94a5ffaf1e4bb9b31a260b6 (diff) | |
avoid a sign-extension bug in crypto_hash_function
* fns.c (to_uchar): Define.
(crypto_hash_function): Use it to convert some newly-signed
variables to unsigned, to avoid sign-extension bugs. For example,
without this change, (md5 "truc") would evaluate to
45723a2aff78ff4fff7fff1114760e62 rather than the expected
45723a2af3788c4ff17f8d1114760e62. Reported by Antoine Levitt in
http://thread.gmane.org/gmane.emacs.devel/139824
Diffstat (limited to 'src')
| -rw-r--r-- | src/ChangeLog | 11 | ||||
| -rw-r--r-- | src/fns.c | 9 |
2 files changed, 18 insertions, 2 deletions
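--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,14 @@
+2011-05-28 Jim Meyering <meyering@redhat.com>
+
+avoid a sign-extension bug in crypto_hash_function
+* fns.c (to_uchar): Define.
+(crypto_hash_function): Use it to convert some newly-signed
+variables to unsigned, to avoid sign-extension bugs. For example,
+without this change, (md5 "truc") would evaluate to
+45723a2aff78ff4fff7fff1114760e62 rather than the expected
+45723a2af3788c4ff17f8d1114760e62. Reported by Antoine Levitt in
+http://thread.gmane.org/gmane.emacs.devel/139824
+
 2011-05-27 Paul Eggert <eggert@cs.ucla.edu>
 
 Integer overflow fixes.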
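--- a/src/fns.c
+++ b/src/fns.c
@@ -4520,6 +4520,11 @@ including negative integers. */)
 #include "md5.h"
 #include "sha1.h"
 
+/* Convert a possibly-signed character to an unsigned character. This is
+a bit safer than casting to unsigned char, since it catches some type
+errors that the cast doesn't. */
+static inline unsigned char to_uchar (char ch) { return ch; }
+
 /* TYPE: 0 for md5, 1 for sha1. */
 
 static Lisp_Object
@@ -4717,7 +4722,7 @@ crypto_hash_function (int type, Lisp_Object object, Lisp_Object start, Lisp_Obje
 {
 char value[33];
 for (i = 0; i < 16; i++)
-sprintf (&value[2 * i], "%02x", digest[i]);
+sprintf (&value[2 * i], "%02x", to_uchar (digest[i]));
 res = make_string (value, 32);
 }
 else
@@ -4735,7 +4740,7 @@ crypto_hash_function (int type, Lisp_Object object, Lisp_Object start, Lisp_Obje
 {
 char value[41];
 for (i = 0; i < 20; i++)
-sprintf (&value[2 * i], "%02x", digest[i]);
+sprintf (&value[2 * i], "%02x", to_uchar (digest[i]));
 res = make_string (value, 40);
 }
 else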
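Review bot: Both `sprintf (&value[2 * i], "%02x", ...)` calls (the 16-byte loop into `value[33]` and the 20-byte loop into `value[41]`) are still unbounded, so the buffers stay correct only while every argument is in 0..255. `%02x` sets a minimum width only: the `ff` runs in the bad digest quoted in the commit message are consistent with a sign-extended byte printing more than two hex digits, and for the last digest byte that would presumably have written past the end of `value`. Bounding the write removes that failure mode whatever the element type is, e.g. `snprintf (&value[2 * i], sizeof value - 2 * i, "%02x", to_uchar (digest[i]));`. The declaration of `digest` and the rest of crypto_hash_function lie outside these hunks, so whether the buffer could simply be `unsigned char` cannot be judged from here; a known-answer test using the `(md5 "truc")` value from the commit message would pin the fix.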