[Heimdal-source-changes] [heimdal/heimdal] 3046fb: krb5/crypto: Fix compiler error in new iovec CTS c...
GitHub
noreply at github.com
Mon May 28 14:37:24 CEST 2018
Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: 3046fb914e7bcc14592c6ca4f5c2b2ea25135b41
https://github.com/heimdal/heimdal/commit/3046fb914e7bcc14592c6ca4f5c2b2ea25135b41
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-28 (Mon, 28 May 2018)
Changed paths:
M lib/krb5/crypto-evp.c
Log Message:
-----------
krb5/crypto: Fix compiler error in new iovec CTS code
Some versions of gcc can't follow the logic in the encryption path
of the _krb5_evp_encrypt_iov_cts code, and believe that it is
possible for the lastpos structure to be used uninitialised.
This isn't actually possible. On entry to the loop, remaining is
guaranteed to be both greater than, and a multiple of blocksize.
In order to exit the loop, remaining must be set to 0. If
cursor.current.length >= remaining, then we set remaining to 0 and
also set lastpos. Otherwise, we calculate the number of whole blocks
in the current iovec, which must be less than remaining, and subtract
that from remaining. Remaining must still be a multiple of and greater
than or equal to blocksize. If remaining == blocksize, we set lastpos,
and set remaining to 0. Otherwise we consume a single block, and go
around again. All of the paths which may set remaining to 0 also
set lastpos, so lastpos must be populated when the loop terminates.
Coverity has a similiar misconception, albeit with ivec2, which is
mistaken for the same reasons.
**NOTE:** This service been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/
Functionality will be removed from GitHub.com on January 31st, 2019.
More information about the Heimdal-source-changes
mailing list