You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Jun 11, 2026. It is now read-only.
Leaving this here as a reminder. SHA1 update is always called with a constant value or hardcoded size, but this should still be fixed.
typedef struct _RIOT_SHA1_CONTEXT {
sha1_quadbyte count[2];
sha1_byte buffer[64];
} RIOT_SHA1_CONTEXT;
void RIOT_SHA1_Update(RIOT_SHA1_CONTEXT *context, const char *data, unsigned int len) {
unsigned int j = (context->count[0] >> 3) & 63; //j =0..63
if ((j + len) > 63) // <--- int overflow INT_MAX + len < 63
{ do something}
else
memcpy(&context->buffer[j], &data[i], len - i); } //i = 0