diff options
| author | Daiki Ueno <dueno@redhat.com> | 2019-07-08 16:54:56 +0200 |
|---|---|---|
| committer | Daiki Ueno <dueno@redhat.com> | 2019-07-10 15:11:45 +0200 |
| commit | 1f6bbceeeeb613cf4d790874bdd1e917a7071159 (patch) | |
| tree | c71055a658ff5ea02012d7b75e84f195224e8235 /lib/fips.c | |
| parent | 96a6ee60395242b015d712ca4a5e9e3501105297 (diff) | |
| download | gnutls-1f6bbceeeeb613cf4d790874bdd1e917a7071159.tar.gz | |
ext/session_ticket: avoid calling memcpy on overlapping memory areastmp-session-ticket-valgrind
In _gnutls_encrypt_session_ticket, ticket.encrypted_state is allocated
from ticket_data->data, thus those memory areas may overlap. Using
memcpy here leads to undefined behavior.
Spotted by valgrind run on ppc64le.
==95231== Source and destination overlap in memcpy(0x47ce3a2, 0x47ce3a2, 160)
==95231== at 0x408A840: memcpy (vg_replace_strmem.c:1023)
==95231== by 0x424EE9F: pack_ticket (session_ticket.c:139)
==95231== by 0x424FA4F: _gnutls_encrypt_session_ticket (session_ticket.c:335)
==95231== by 0x4199E3B: generate_session_ticket (session_ticket.c:249)
==95231== by 0x419A333: _gnutls13_send_session_ticket (session_ticket.c:307)
==95231== by 0x40F8817: _gnutls13_handshake_server (handshake-tls13.c:511)
==95231== by 0x4110DEB: handshake_server (handshake.c:3331)
==95231== by 0x410C70B: gnutls_handshake (handshake.c:2727)
==95231== by 0x10009EBF: retry_handshake (serv.c:1306)
==95231== by 0x1000AB67: tcp_server (serv.c:1500)
==95231== by 0x10009E5B: main (serv.c:1297)
==95231==
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Diffstat (limited to 'lib/fips.c')
0 files changed, 0 insertions, 0 deletions