commit | 0e4e058602d93b88256ff90bbef501ba20be9dd3 | [log] [tgz] |
---|---|---|
author | Theo Buehler <botovq@users.noreply.github.com> | Fri Oct 21 21:26:01 2022 +0200 |
committer | GitHub <noreply@github.com> | Fri Oct 21 12:26:01 2022 -0700 |
tree | 90ecca6c6ad8aa8a9fd50d338359a8e98d187fd4 | |
parent | eae692eed18892309bcc25a2c0f8980038305ea2 [diff] |
[3.10] gh-98517: Fix buffer overflows in _sha3 module (#98519) This is a port of the applicable part of XKCP's fix [1] for CVE-2022-37454 and avoids the segmentation fault and the infinite loop in the test cases published in [2]. [1]: https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a [2]: https://mouha.be/sha-3-buffer-overflow/ Regression test added by: Gregory P. Smith [Google LLC] <greg@krypto.org>