(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/crypt/crypt-sha1.c) |
| |
| 263 | | | void sha1_finish( sha1_context *ctx, guint8 digest[20] ) |
| 264 | | | { |
| 265 | | | guint32 last, padn; |
| 266 | | | guint32 high, low; |
| 267 | | | guint8 msglen[8]; |
| 268 | | | |
| 269 | | | high = ( ctx->total[0] >> 29 ) |
| 270 | | | | ( ctx->total[1] << 3 ); |
| 271 | | | low = ( ctx->total[0] << 3 ); |
| 272 | | | |
| 273 | | | PUT_UINT32( high, msglen, 0 );
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/crypt/crypt-sha1.c |
| |
40 | #define PUT_UINT32(n,b,i) \ |
41 | { \ |
42 | (b)[(i) ] = (guint8) ( (n) >> 24 ); \ |
43 | (b)[(i) + 1] = (guint8) ( (n) >> 16 ); \ |
44 | (b)[(i) + 2] = (guint8) ( (n) >> 8 ); \ |
45 | (b)[(i) + 3] = (guint8) ( (n) ); \ |
46 | } |
| |
|
| 274 | | | PUT_UINT32( low, msglen, 4 );
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/crypt/crypt-sha1.c |
| |
40 | #define PUT_UINT32(n,b,i) \ |
41 | { \ |
42 | (b)[(i) ] = (guint8) ( (n) >> 24 ); \ |
43 | (b)[(i) + 1] = (guint8) ( (n) >> 16 ); \ |
44 | (b)[(i) + 2] = (guint8) ( (n) >> 8 ); \ |
45 | (b)[(i) + 3] = (guint8) ( (n) ); \ |
46 | } |
| |
|
| 275 | | | |
| 276 | | | last = ctx->total[0] & 0x3F; |
| 277 | | | padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); |
Event 1:
last < 56 evaluates to true.
hide
|
|
| 278 | | | |
| 279 | [+] | | sha1_update( ctx, sha1_padding, padn ); |
Event 2:
sha1_padding is passed to sha1_update() as the second argument. - This points to the buffer that will be overrun later.
hide
|
|
 |
| |