Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(218)

Issue 102670044: code review 102670044: crypto/rsa: fix out-of-bound access with short session keys. (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
9 years, 9 months ago by agl1
Modified:
9 years, 9 months ago
Reviewers:
davidben1, bradfitz
CC:
davidben1, bradfitz, golang-codereviews
Visibility:
Public.

Description

crypto/rsa: fix out-of-bound access with short session keys. Thanks to Cedric Staub for noting that a short session key would lead to an out-of-bounds access when conditionally copying the too short buffer over the random session key.

Patch Set 1 #

Patch Set 2 : diff -r 1d13818e6b3d https://code.google.com/p/go #

Patch Set 3 : diff -r 1d13818e6b3d https://code.google.com/p/go #

Total comments: 4

Patch Set 4 : diff -r 1d13818e6b3d https://code.google.com/p/go #

Patch Set 5 : diff -r 0395dabe997a https://code.google.com/p/go #

Unified diffs Side-by-side diffs Delta from patch set Stats (+55 lines, -17 lines) Patch
M src/pkg/crypto/rsa/pkcs1v15.go View 1 2 3 5 chunks +28 lines, -15 lines 0 comments Download
M src/pkg/crypto/rsa/pkcs1v15_test.go View 1 1 chunk +20 lines, -0 lines 0 comments Download
M src/pkg/crypto/subtle/constant_time.go View 1 1 chunk +7 lines, -2 lines 0 comments Download

Messages

Total messages: 6
davidben1
lgtm https://codereview.appspot.com/102670044/diff/3/src/pkg/crypto/rsa/pkcs1v15.go File src/pkg/crypto/rsa/pkcs1v15.go (right): https://codereview.appspot.com/102670044/diff/3/src/pkg/crypto/rsa/pkcs1v15.go#newcode64 src/pkg/crypto/rsa/pkcs1v15.go:64: } Named return values makes this look a ...
9 years, 9 months ago (2014-06-26 21:03:12 UTC) #1
agl1
https://codereview.appspot.com/102670044/diff/3/src/pkg/crypto/rsa/pkcs1v15.go File src/pkg/crypto/rsa/pkcs1v15.go (right): https://codereview.appspot.com/102670044/diff/3/src/pkg/crypto/rsa/pkcs1v15.go#newcode64 src/pkg/crypto/rsa/pkcs1v15.go:64: } On 2014/06/26 21:03:12, davidben1 wrote: > Named return ...
9 years, 9 months ago (2014-06-26 21:16:48 UTC) #2
agl1
+bradfitz for Go review.
9 years, 9 months ago (2014-06-26 21:21:15 UTC) #3
bradfitz
LGTM
9 years, 9 months ago (2014-06-26 23:27:42 UTC) #4
agl1
Hello davidben@google.com, bradfitz@golang.org (cc: golang-codereviews@googlegroups.com), I'd like you to review this change to https://code.google.com/p/go
9 years, 9 months ago (2014-07-02 22:28:56 UTC) #5
agl1
9 years, 9 months ago (2014-07-02 22:29:07 UTC) #6
*** Submitted as https://code.google.com/p/go/source/detail?r=c5f72a685e25 ***

crypto/rsa: fix out-of-bound access with short session keys.

Thanks to Cedric Staub for noting that a short session key would lead
to an out-of-bounds access when conditionally copying the too short
buffer over the random session key.

LGTM=davidben, bradfitz
R=davidben, bradfitz
CC=golang-codereviews
https://codereview.appspot.com/102670044
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b