authorVivien Kraus <vivien@planete-kraus.eu>2021-05-17 23:46:31 +0200
committerVivien Kraus <vivien@planete-kraus.eu>2021-05-18 00:49:21 +0200
commit1a52b8abb4ee98406d33c45eff5de9f6ca360bea (patch)
tree5d342a880b3e4da399dbd9b882176c350c770846 /src
parent70eb454bc21774b31bc0b17cb017bec831d5d695 (diff)
Prevent memory error bug
I discovered this with the recent guile update. If dynwind_mpz_t_clear is passed a copy of the mpz_t value, then the value living on the stack of dynwind_mpz_t_clear will be registered for garbage collection. However, that value becomes unreadable as soon as dynwind_mpz_t_clear returns, because its location on the stack is overwritten.
Diffstat (limited to 'src')
-rw-r--r--src/jws/libwebidoidc-jws.c4
-rw-r--r--src/utilities.h18
2 files changed, 11 insertions, 11 deletions
diff --git a/src/jws/libwebidoidc-jws.c b/src/jws/libwebidoidc-jws.c
index 4de3cbc..17ae6b5 100644
--- a/src/jws/libwebidoidc-jws.c
+++ b/src/jws/libwebidoidc-jws.c
@@ -135,7 +135,7 @@ SCM_DEFINE (webidoidc_jws_sign_g, "sign", 3, 0, 0,
scm_throw (incompatible_alg, scm_list_2 (alg, key));
}
mpz_init (c_sig);
- dynwind_mpz_t_clear (c_sig);
+ dynwind_mpz_t_clear (&c_sig);
if (scm_is_eq (alg, rs256)
&& rsa_sha256_sign_digest_tr (&c_pub, &c_key, NULL,
&generate_random, c_digest, c_sig))
@@ -274,7 +274,7 @@ SCM_DEFINE (webidoidc_jws_verify_g, "verify", 4, 0, 0,
scm_throw (incompatible_alg, scm_list_2 (alg, key));
}
mpz_init (c_sig);
- dynwind_mpz_t_clear (c_sig);
+ dynwind_mpz_t_clear (&c_sig);
do_mpz_t_load (c_sig, signature, 1);
if (scm_is_eq (alg, rs256))
{
diff --git a/src/utilities.h b/src/utilities.h
index ae5d82c..c07265e 100644
--- a/src/utilities.h
+++ b/src/utilities.h
@@ -71,7 +71,7 @@ static int do_rsa_public_key_load (struct rsa_public_key *x, SCM data);
static int do_rsa_private_key_load (struct rsa_private_key *x, SCM data);
/* Register x to be destroyed at the end of the dynamic wind. */
-static void dynwind_mpz_t_clear (mpz_t x);
+static void dynwind_mpz_t_clear (mpz_t * x);
static void dynwind_ecc_point_clear (struct ecc_point *x);
static void dynwind_ecc_scalar_clear (struct ecc_scalar *x);
static void dynwind_rsa_public_key_clear (struct rsa_public_key *x);
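Review bot: The comment above the changed prototype still does not state the lifetime contract that the old signature broke: the pointer is handed to the unwind handler and is only dereferenced when the dynwind context ends. I would extend it to `/* Register *x to be cleared at the end of the dynamic wind; x must point to storage that stays valid until then (the caller's own mpz_t, not a temporary). */`. Because the handler's data argument is an untyped pointer, the compiler cannot catch a caller that gets this wrong, so the comment is the only place the requirement is recorded.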
@@ -167,9 +167,9 @@ wrap_ecc_point (const struct ecc_curve *crv, const struct ecc_point *point)
SCM ret;
scm_dynwind_begin (0);
mpz_init (x);
- dynwind_mpz_t_clear (x);
+ dynwind_mpz_t_clear (&x);
mpz_init (y);
- dynwind_mpz_t_clear (y);
+ dynwind_mpz_t_clear (&y);
ecc_point_get (point, x, y);
ret =
scm_list_3 (scm_cons (kcrv, wrap_ecc_curve (crv)),
@@ -185,7 +185,7 @@ wrap_ecc_scalar (const struct ecc_curve *crv, const struct ecc_scalar *scalar)
SCM ret;
scm_dynwind_begin (0);
mpz_init (z);
- dynwind_mpz_t_clear (z);
+ dynwind_mpz_t_clear (&z);
ecc_scalar_get (scalar, z);
ret =
scm_list_2 (scm_cons (kcrv, wrap_ecc_curve (crv)),
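Review bot: In wrap_ecc_scalar the temporary `z` is filled by `ecc_scalar_get`, so it holds what looks like private key material. The handler registered on the changed line presumably ends in `mpz_clear` (do_mpz_t_clear is not visible here), which releases the limbs without wiping them. The same applies to `z` in the do_ecc_scalar_load hunk, which is loaded from the `kd` field. Consider a separate unwind handler for secret values that zeroes the limb storage, for instance with `explicit_bzero` over the pointer returned by `mpz_limbs_write`, before calling `mpz_clear`, and register that one for these two temporaries. Both function bodies continue outside their hunks.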
@@ -314,9 +314,9 @@ do_ecc_point_load (struct ecc_point *point, SCM data)
int ret = 1;
scm_dynwind_begin (0);
mpz_init (x);
- dynwind_mpz_t_clear (x);
+ dynwind_mpz_t_clear (&x);
mpz_init (y);
- dynwind_mpz_t_clear (y);
+ dynwind_mpz_t_clear (&y);
ret =
(do_mpz_t_load (x, scm_assq_ref (data, kx), 0)
&& do_mpz_t_load (y, scm_assq_ref (data, ky), 0)
@@ -332,7 +332,7 @@ do_ecc_scalar_load (struct ecc_scalar *scalar, SCM data)
int ret = 1;
scm_dynwind_begin (0);
mpz_init (z);
- dynwind_mpz_t_clear (z);
+ dynwind_mpz_t_clear (&z);
ret =
(do_mpz_t_load (z, scm_assq_ref (data, kd), 0)
&& ecc_scalar_set (scalar, z));
@@ -396,9 +396,9 @@ do_ecc_scalar_clear (void *ptr)
}
static inline void
-dynwind_mpz_t_clear (mpz_t z)
+dynwind_mpz_t_clear (mpz_t * z)
{
- scm_dynwind_unwind_handler (do_mpz_t_clear, &z, SCM_F_WIND_EXPLICITLY);
+ scm_dynwind_unwind_handler (do_mpz_t_clear, z, SCM_F_WIND_EXPLICITLY);
}
static inline void