Fix stack clobber in new uuid-ossp code.

tglsfdc · tglsfdc · commit 2103218dd4a0 · 2014-05-28T11:50:41.000-04:00
The V5 (SHA1 hashing) code wrote 20 bytes into a 16-byte local variable.
This had accidentally failed to fail in my testing and Matteo's, but
buildfarm results exposed the problem.
diff --git a/contrib/uuid-ossp/uuid-ossp.c b/contrib/uuid-ossp/uuid-ossp.c
@@ -316,16 +316,19 @@ uuid_generate_internal(int v, unsigned char *ns, char *ptr, int len)
 					MD5Init(&ctx);
 					MD5Update(&ctx, ns, sizeof(uu));
 					MD5Update(&ctx, (unsigned char *) ptr, len);
+					/* we assume sizeof MD5 result is 16, same as UUID size */
 					MD5Final((unsigned char *) &uu, &ctx);
 				}
 				else
 				{
 					SHA1_CTX	ctx;
+					unsigned char sha1result[SHA1_RESULTLEN];
 
 					SHA1Init(&ctx);
 					SHA1Update(&ctx, ns, sizeof(uu));
 					SHA1Update(&ctx, (unsigned char *) ptr, len);
-					SHA1Final((unsigned char *) &uu, &ctx);
+					SHA1Final(sha1result, &ctx);
+					memcpy(&uu, sha1result, sizeof(uu));
 				}
 
 				/* the calculated hash is using local order */

Original file line number	Diff line number	Diff line change
`@@ -316,16 +316,19 @@ uuid_generate_internal(int v, unsigned char ns, char ptr, int len)`
`316`	`316`	`MD5Init(&ctx);`
`317`	`317`	`MD5Update(&ctx, ns, sizeof(uu));`
`318`	`318`	`MD5Update(&ctx, (unsigned char *) ptr, len);`
	`319`	`+ /* we assume sizeof MD5 result is 16, same as UUID size */`
`319`	`320`	`MD5Final((unsigned char *) &uu, &ctx);`
`320`	`321`	`}`
`321`	`322`	`else`
`322`	`323`	`{`
`323`	`324`	`SHA1_CTX ctx;`
	`325`	`+ unsigned char sha1result[SHA1_RESULTLEN];`
`324`	`326`
`325`	`327`	`SHA1Init(&ctx);`
`326`	`328`	`SHA1Update(&ctx, ns, sizeof(uu));`
`327`	`329`	`SHA1Update(&ctx, (unsigned char *) ptr, len);`
`328`		`- SHA1Final((unsigned char *) &uu, &ctx);`
	`330`	`+ SHA1Final(sha1result, &ctx);`
	`331`	`+ memcpy(&uu, sha1result, sizeof(uu));`
`329`	`332`	`}`
`330`	`333`
`331`	`334`	`/* the calculated hash is using local order */`