Fix integer overflow in QCryptographicHash's SHA-3 support

Because 256 MB * 8 = 2 Gbit, but length*8 is a signed integer overflow,
hence UB.

Can't really autotest this. Not all systems where we're going to test
can allocate 256 MB of RAM.

[ChangeLog][QtCore][QCryptographicHash] Fixed a bug that caused the
SHA-3 and Keccak algorithms to crash if passed 256 MB of data or more.

Fixes: QTBUG-77362
Change-Id: Iec9c051acd73484c8d94fffd15b91f4b1450f5d7
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
Thiago Macieira 2019-08-08 19:12:32 -07:00
parent aca43d29f8
commit a08ac1986d


@ -387,19 +387,19 @@ void QCryptographicHash::addData(const char *data, int length)
break;
case RealSha3_224:
case Keccak_224:
sha3Update(&d->sha3Context, reinterpret_cast<const BitSequence *>(data), length*8);
sha3Update(&d->sha3Context, reinterpret_cast<const BitSequence *>(data), quint64(length) * 8);
break;
case RealSha3_256:
case Keccak_256:
sha3Update(&d->sha3Context, reinterpret_cast<const BitSequence *>(data), length*8);
sha3Update(&d->sha3Context, reinterpret_cast<const BitSequence *>(data), quint64(length) * 8);
break;
case RealSha3_384:
case Keccak_384:
sha3Update(&d->sha3Context, reinterpret_cast<const BitSequence *>(data), length*8);
sha3Update(&d->sha3Context, reinterpret_cast<const BitSequence *>(data), quint64(length) * 8);
break;
case RealSha3_512:
case Keccak_512:
sha3Update(&d->sha3Context, reinterpret_cast<const BitSequence *>(data), length*8);
sha3Update(&d->sha3Context, reinterpret_cast<const BitSequence *>(data), quint64(length) * 8);
break;
#endif
}
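Review bot: `quint64(length) * 8` in the four SHA-3/Keccak branches turns a negative `length` into a bit count close to 2^64, because the `int` parameter of `addData` is sign-extended by the cast and nothing in the visible hunk rejects negative values. If sha3Update trusts that count, a caller that passes a negative size would trigger a read far past `data` instead of being ignored. A single guard ahead of the switch, such as `if (length < 0) return;` or at least `Q_ASSERT(length >= 0);`, would cover every branch. The top of `addData` lies outside this hunk, so such a check may already exist there and is worth confirming. Separately, the four case groups now hold the same statement and could fall through to one shared call, which would keep any later fix in one place.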