[Bug 3732] New: An integer underflow may occur due to arithmetic operation (unsigned subtraction) between values '0' and '67108864', where the first value comes from the expression 'h4 + b' and the second value comes from the expression '(1 << 26)'
bugzilla-daemon at mindrot.org
Wed Sep 11 21:25:39 AEST 2024
https://bugzilla.mindrot.org/show_bug.cgi?id=3732
Bug ID: 3732
Summary: An integer underflow may occur due to arithmetic
operation (unsigned subtraction) between values '0'
and '67108864', where the first value comes from the
expression 'h4 + b' and the second value comes from
the expression '(1 << 26)'
Product: Portable OpenSSH
Version: 9.8p1
Hardware: Other
OS: Linux
Status: NEW
Severity: security
Priority: P5
Component: Build system
Assignee: unassigned-bugs at mindrot.org
Reporter: suhov.ra at npc-ksb.ru
File: https://github.com/openssh/openssh-portable/blob/master/poly1305.c
Line: 140
The expression g4 = h4 + b - (1 << 26); may cause an overflow if the
value of h4 + b is less than 67108864, which is equivalent to 1 << 26.
Overflow when working with unsigned numbers will lead to an incorrect
result, which may affect further operation of the algorithm.
--
You are receiving this mail because:
You are watching the assignee of the bug.
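Added example (not part of the original report and not OpenSSH's code): a reduced C model of a final reduction modulo p = 2^130 - 5 over five 26-bit limbs, modelled on the public-domain poly1305-donna layout that is assumed here to be the context of the reported line. It shows what g4 = h4 + b - (1 << 26) evaluates to for h below and at p; the names limbs130, top_limb_sub and final_reduce and the sample inputs are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* 130-bit value as five 26-bit limbs, least significant first (assumed layout). */
typedef struct { uint32_t l[5]; } limbs130;

/* The reported expression in isolation; uint32_t arithmetic is modulo 2^32. */
static uint32_t top_limb_sub(uint32_t h4, uint32_t b)
{
    return h4 + b - (1u << 26);
}

/*
 * Final reduction modulo p = 2^130 - 5 of h with every limb < 2^26.
 * Returns 1 if h >= p (h - p was selected), 0 if h < p (h kept).
 */
static int final_reduce(limbs130 *h)
{
    uint32_t g[5], b, nb;
    int i;

    /* g = h + 5 - 2^130, limb by limb, b carrying between limbs */
    g[0] = h->l[0] + 5; b = g[0] >> 26; g[0] &= 0x3ffffff;
    for (i = 1; i < 4; i++) {
        g[i] = h->l[i] + b; b = g[i] >> 26; g[i] &= 0x3ffffff;
    }
    g[4] = top_limb_sub(h->l[4], b);   /* wraps when h < p: bit 31 set */

    b = (g[4] >> 31) - 1;              /* all ones if h >= p, else 0 */
    nb = ~b;
    for (i = 0; i < 5; i++)            /* branch-free select of h or g */
        h->l[i] = (h->l[i] & nb) | (g[i] & b);
    return (int)(b & 1);
}

int main(void)
{
    /* Constructed inputs: h = 0 and h = p = 2^130 - 5 */
    limbs130 zero = {{0, 0, 0, 0, 0}};
    limbs130 p = {{0x3fffffb, 0x3ffffff, 0x3ffffff, 0x3ffffff, 0x3ffffff}};
    int r;

    printf("g4 for h4 + b = 0: 0x%08x\n", (unsigned)top_limb_sub(0, 0));
    printf("h = 0: selected h - p? %d\n", final_reduce(&zero));
    r = final_reduce(&p);
    printf("h = p: selected h - p? %d, low limb now %u\n", r, (unsigned)p.l[0]);
    return 0;
}
```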