cvs commit: src/lib/libmd/i386 rmd160.S sha.S
    Colin Percival 
    cperciva at freebsd.org
       
    Mon May 14 17:07:06 UTC 2007
    
    
  
Maxim Sobolev wrote:
> Colin Percival wrote:
>>   (1) The platform is i386.
> [...]
>>   still be broken if conditions (1)-(3) apply AND the buffer extends
>>   beyond 4GB (i.e., there is an integer overflow in computing "data +
>> len").
> 
> How that could be? Isn't userland address space on i386 limited by 4GB?
Exactly -- that's why I said that the remaining bug replaces SIGSEGV (since
a "correct" implementation would try to read kernel memory on its way towards
an address overflow) with a bogus hash.  This is strictly a "call us with bogus
parameters, get a bogus result" issue.
Colin Percival
    
    
More information about the cvs-src
mailing list