Fix a read off the end of the input buffer
authorRich Salz <rsalz@openssl.org>
Thu, 8 Jun 2017 20:05:52 +0000 (16:05 -0400)
committerRich Salz <rsalz@openssl.org>
Thu, 8 Jun 2017 20:13:20 +0000 (16:13 -0400)
when building with OPENSSL_SMALL_FOOTPRINT defined.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3533)

(cherry picked from commit 0b20ad127ce86b05a854f31d51d91312c86ccc74)

crypto/whrlpool/wp_dgst.c

index 807d1c49b2d3b77a65ca2a6ed3852d2c28044c09..96d042f5859e9476fe22693820e7d8144b7e5a58 100644 (file)
@@ -166,7 +166,7 @@ void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits)
                 goto reconsider;
             } else
 #endif
-            if (bits >= 8) {
+            if (bits > 8) {
                 b = ((inp[0] << inpgap) | (inp[1] >> (8 - inpgap)));
                 b &= 0xff;
                 if (bitrem)
@@ -183,7 +183,7 @@ void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits)
                 }
                 if (bitrem)
                     c->data[byteoff] = b << (8 - bitrem);
-            } else {            /* remaining less than 8 bits */
+            } else {            /* remaining less than or equal to 8 bits */
 
                 b = (inp[0] << inpgap) & 0xff;
                 if (bitrem)