-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/types: check for overflow and unreasonably large element count #9163
Merged
odeke-em
merged 1 commit into
master
from
crypto-types-CompactBitArray-fix-bits-overflow
Apr 22, 2021
Merged
crypto/types: check for overflow and unreasonably large element count #9163
odeke-em
merged 1 commit into
master
from
crypto-types-CompactBitArray-fix-bits-overflow
Apr 22, 2021
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/cc @cuonglm |
Ensure that we don't pass overflowed values into make, because a clever attacker could see that to cause: (bits+7)/8 to become negative, they just have to make (bits+7) become negative simply by >=maxint-6 but also reject unreasonably large element count like >2**32, which while arbitrary is super duper large for a bit array. Fixes #9162
odeke-em
force-pushed
the
crypto-types-CompactBitArray-fix-bits-overflow
branch
from
April 22, 2021 00:42
361b2a6
to
5ed97d5
Compare
Codecov Report
@@ Coverage Diff @@
## master #9163 +/- ##
==========================================
+ Coverage 58.82% 58.89% +0.07%
==========================================
Files 583 585 +2
Lines 32769 32801 +32
==========================================
+ Hits 19275 19318 +43
+ Misses 11216 11199 -17
- Partials 2278 2284 +6
|
alessio
approved these changes
Apr 22, 2021
cuonglm
approved these changes
Apr 22, 2021
0.42 backport PR available here: #9173 |
alessio
pushed a commit
that referenced
this pull request
Apr 22, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Ensure that we don't pass overflowed values into make, because
a clever attacker could see that to cause:
to become negative, they just have to make (bits+7) become negative
simply by >=maxint-6
but also reject unreasonably large element count like >2**32, which
while arbitrary is super duper large for a bit array.
Fixes #9162
Before we can merge this PR, please make sure that all the following items have been
checked off. If any of the checklist items are not applicable, please leave them but
write a little note why.
docs/
) or specification (x/<module>/spec/
)godoc
comments.Unreleased
section inCHANGELOG.md
Files changed
in the Github PR explorerCodecov Report
in the comment section below once CI passes