bugzilla-daemon at mindrot.org
2024-Sep-11 11:25 UTC
[Bug 3732] New: An integer underflow may occur due to arithmetic operation (unsigned subtraction) between values '0' and '67108864', where the first value comes from the expression 'h4 + b' and the second value comes from the expression '(1 << 26)'
https://bugzilla.mindrot.org/show_bug.cgi?id=3732 Bug ID: 3732 Summary: An integer underflow may occur due to arithmetic operation (unsigned subtraction) between values '0' and '67108864', where the first value comes from the expression 'h4 + b' and the second value comes from the expression '(1 << 26)' Product: Portable OpenSSH Version: 9.8p1 Hardware: Other OS: Linux Status: NEW Severity: security Priority: P5 Component: Build system Assignee: unassigned-bugs at mindrot.org Reporter: suhov.ra at npc-ksb.ru File: https://github.com/openssh/openssh-portable/blob/master/poly1305.c Line: 140 The expression g4 = h4 + b - (1 << 26); may cause an overflow if the value of h4 + b is less than 67108864, which is equivalent to 1 << 26. Overflow when working with unsigned numbers will lead to an incorrect result, which may affect further operation of the algorithm. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-Sep-11 11:32 UTC
[Bug 3732] An integer underflow may occur due to arithmetic operation (unsigned subtraction) between values '0' and '67108864', where the first value comes from the expression 'h4 + b' and the second value comes from the expression '(1 << 26)'
https://bugzilla.mindrot.org/show_bug.cgi?id=3732 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |WORKSFORME CC| |djm at mindrot.org Status|NEW |RESOLVED --- Comment #1 from Damien Miller <djm at mindrot.org> --- I'm pretty sure this is intended. unsigned under/overflow is well-defined -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2024-Sep-11 17:09 UTC
[Bug 3732] An integer underflow may occur due to arithmetic operation (unsigned subtraction) between values '0' and '67108864', where the first value comes from the expression 'h4 + b' and the second value comes from the expression '(1 << 26)'
https://bugzilla.mindrot.org/show_bug.cgi?id=3732 --- Comment #2 from Suhov Roman <suhov.ra at npc-ksb.ru> --- Please check this section of the code -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
Reasonably Related Threads
- [Bug 3734] New: Expression 'l > SIZE_MAX' is always false
- [Bug 3730] New: Integer overflow when adding 6000 and display_number
- [Bug 3731] New: Integer overflow when adding 6000 and display_number
- [Bug 3735] New: The ngroups variable may be set to a negative value when calling sysconf(_SC_NGROUPS_MAX)
- [RFC] Coding Standards: "prefer `int` for regular arithmetic, use `unsigned` only for bitmask and when you intend to rely on wrapping behavior."