cvs commit: src/lib/libmd/i386 rmd160.S sha.S
Colin Percival
cperciva at freebsd.org
Mon May 14 17:07:06 UTC 2007
Maxim Sobolev wrote:
> Colin Percival wrote:
>> (1) The platform is i386.
> [...]
>> still be broken if conditions (1)-(3) apply AND the buffer extends
>> beyond 4GB (i.e., there is an integer overflow in computing "data +
>> len").
>
> How that could be? Isn't userland address space on i386 limited by 4GB?
Exactly -- that's why I said that the remaining bug replaces SIGSEGV (since
a "correct" implementation would try to read kernel memory on its way towards
an address overflow) with a bogus hash. This is strictly a "call us with bogus
parameters, get a bogus result" issue.
Colin Percival
More information about the cvs-src
mailing list