Page MenuHome GnuPG
Create Task
Maniphest T3878

not all calloc performed in libgcrypt covered by gcry_set_allocation_handler
Closed, ResolvedPublic
Actions

Description

libgcrypt allows to provide our own malloc implementation. This malloc is then used to provide an internal gcry_xcalloc

However I have identified one direct call of calloc instead of gcry_xcalloc
random-drbg.c -> drbg_sym_init

Details

Version
1.8.2

Revisions and Commits

rC libgcrypt
rC5a20151213c2 random-drbg: do not use calloc for zero ctr

Event Timeline

JFi created this task.Apr 4 2018, 3:05 PM
werner assigned this task to smueller_chronox.de.Apr 5 2018, 2:43 PM
werner triaged this task as Low priority.
werner added a subscriber: werner.

Thanks. Indeed this should also use the x... wrappers. It is not severe because this value is only used as a fixed constant.
Thus we won't fix it in 1.8 but should do this 1.9.

gniibe added a subscriber: gniibe.Apr 13 2018, 4:14 AM
gniibe added a comment.Apr 13 2018, 4:17 AM

I am currently considering improvement of finalizer of libgcrypt, so, this matters.
Looking code, it would be better not to allocate and free the constant,
but use compile time constant data in .text section; Something like: const unsigned char ctr_null[DBRG_CTR_NULL_LEN].

jukivili claimed this task.Mar 24 2019, 9:27 AM
jukivili added a subscriber: smueller_chronox.de.
jukivili added a commit: rC5a20151213c2: random-drbg: do not use calloc for zero ctr.Mar 24 2019, 4:58 PM
jukivili closed this task as Resolved.Mar 24 2019, 8:56 PM