Skip to content

Commit

Permalink
keccak: error out if passed mdlen 100
Browse files Browse the repository at this point in the history
If we were to call it with 100, it would cause rsiz to be 0,
leading to an infinite loop.
This is really a pedantic patch, but since there's already a
range test, might as well make it better.
  • Loading branch information
moneromooo-monero committed Jul 11, 2022
1 parent 8f48f46 commit 7a31d25
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/crypto/keccak.c
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,7 @@ void keccak(const uint8_t *in, size_t inlen, uint8_t *md, int mdlen)
size_t i, rsiz, rsizw;

static_assert(HASH_DATA_AREA <= sizeof(temp), "Bad keccak preconditions");
if (mdlen <= 0 || (mdlen > 100 && sizeof(st) != (size_t)mdlen))
if (mdlen <= 0 || (mdlen >= 100 && sizeof(st) != (size_t)mdlen))
{
local_abort("Bad keccak use");
}
Expand Down

0 comments on commit 7a31d25

Please sign in to comment.