From: Loup Vaillant
Date: Sat, 31 Dec 2022 21:33:50 +0000 (+0100)
Subject: Fixed uninitialised read UB in Argon2
X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=a27b89c835fdb41c4488e8339690ef450bcf9615;p=Monocypher.git

Fixed uninitialised read UB in Argon2

The index block was declared in the block loop instead of the segment loop. Yet it's only initialised one time out of 128 there, so most of the time we're accessing uninitialised memory. It still appeared to work because that that block always occupied the same spot in the stack. Only Clang's memory sanitiser and the TIS interpreter caught this.
---
diff --git a/src/monocypher.c b/src/monocypher.c
index 59fc208..7acd23b 100644
--- a/src/monocypher.c
+++ b/src/monocypher.c
@@ -799,6 +799,7 @@ void crypto_argon2(u8 *hash, void *work_area,
 // a separate thread. All iterations must be done before we
 // fill the next slice.
 FOR_T(u32, segment, 0, s->nb_lanes) {
+ blk index_block;
 u32 index_ctr = 1;
 FOR_T (u32, block, pass_offset, segment_size) {
 // Current and previous blocks
@@ -810,7 +811,6 @@ void crypto_argon2(u8 *hash, void *work_area,
 ? segment_start + lane_size - 1
 : segment_start + block - 1;
 
- blk index_block;
 u64 index_seed;
 if (constant_time) {
 if (block == pass_offset || (block % 128) == 0) {
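Review bot: The new `blk index_block;` declaration in the segment loop has no comment explaining why it must live at that scope, so a later tidy-up could move it back into the block loop and reintroduce the uninitialised read. The visible condition `if (block == pass_offset || (block % 128) == 0)` shows the refresh branch runs only on some iterations, and going by the commit message that is where the block gets filled, so its contents have to survive across iterations of the inner loop. I would document that on the declaration, e.g. `blk index_block; // refilled only every 128 blocks: must outlive the block loop`. The commit message says only Clang's memory sanitiser and the TIS interpreter caught this, so it is worth confirming that one of them runs over the Argon2 tests regularly. The body of crypto_argon2 starts and ends outside both hunks, so the refill code itself is not visible here.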