From 7a31d25b67dc7aa18f09a68720b1a3ecffaad93a Mon Sep 17 00:00:00 2001 From: moneromooo-monero Date: Mon, 11 Jul 2022 17:43:59 +0000 Subject: keccak: error out if passed mdlen 100 If we were to call it with 100, it would cause rsiz to be 0, leading to an infinite loop. This is really a pedantic patch, but since there's already a range test, might as well make it better. --- src/crypto/keccak.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/crypto/keccak.c') diff --git a/src/crypto/keccak.c b/src/crypto/keccak.c index f098cbdf0..6616d3530 100644 --- a/src/crypto/keccak.c +++ b/src/crypto/keccak.c @@ -123,7 +123,7 @@ void keccak(const uint8_t *in, size_t inlen, uint8_t *md, int mdlen) size_t i, rsiz, rsizw; static_assert(HASH_DATA_AREA <= sizeof(temp), "Bad keccak preconditions"); - if (mdlen <= 0 || (mdlen > 100 && sizeof(st) != (size_t)mdlen)) + if (mdlen <= 0 || (mdlen >= 100 && sizeof(st) != (size_t)mdlen)) { local_abort("Bad keccak use"); } -- cgit v1.2.3