You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
On three instances, I encountered bugs where the parser would crash (SEGFAULT) when attempting to process an AES-CTR vector. That being said, based on my investigation I don't think the issue was unique to AES-CTR. I believe the core issue resides here:
This code uses mmap to access the file contents as a buffer, and then subsequent code passes the buffer to string functions like strlen (https://github.com/smuellerDD/acvpparser/blob/master/parser/json-c/json_tokener.c#L260), which can end up accessing past the end of the buffer, as mmap doesn't guarantee a NULL terminator at the end of the buffer.
I was able to fix this locally by just switching from mmap to malloc, and adding in a NULL terminator myself. I can create a PR if desired, but I wasn't sure if that's the approach you wanted to take to fix this issue, or if you had something else in mind.
The text was updated successfully, but these errors were encountered:
On three instances, I encountered bugs where the parser would crash (SEGFAULT) when attempting to process an AES-CTR vector. That being said, based on my investigation I don't think the issue was unique to AES-CTR. I believe the core issue resides here:
https://github.com/smuellerDD/acvpparser/blob/master/parser/read_json.c#L506
This code uses mmap to access the file contents as a buffer, and then subsequent code passes the buffer to string functions like strlen (https://github.com/smuellerDD/acvpparser/blob/master/parser/json-c/json_tokener.c#L260), which can end up accessing past the end of the buffer, as mmap doesn't guarantee a NULL terminator at the end of the buffer.
I was able to fix this locally by just switching from mmap to malloc, and adding in a NULL terminator myself. I can create a PR if desired, but I wasn't sure if that's the approach you wanted to take to fix this issue, or if you had something else in mind.
The text was updated successfully, but these errors were encountered: