From 2103218dd4a0c6a44d05c09c066da20e1c2360fb Mon Sep 17 00:00:00 2001
From: Tom Lane
Date: Wed, 28 May 2014 11:50:41 -0400
Subject: [PATCH] Fix stack clobber in new uuid-ossp code.
The V5 (SHA1 hashing) code wrote 20 bytes into a 16-byte local variable. This had accidentally failed to fail in my testing and Matteo's, but buildfarm results exposed the problem.
---
 contrib/uuid-ossp/uuid-ossp.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/contrib/uuid-ossp/uuid-ossp.c b/contrib/uuid-ossp/uuid-ossp.c
index f8c33d2b46..88da168388 100644
--- a/contrib/uuid-ossp/uuid-ossp.c
+++ b/contrib/uuid-ossp/uuid-ossp.c
@@ -316,16 +316,19 @@ uuid_generate_internal(int v, unsigned char *ns, char *ptr, int len)
 MD5Init(&ctx);
 MD5Update(&ctx, ns, sizeof(uu));
 MD5Update(&ctx, (unsigned char *) ptr, len);
+ /* we assume sizeof MD5 result is 16, same as UUID size */
 MD5Final((unsigned char *) &uu, &ctx);
 }
 else
 {
 SHA1_CTX ctx;
+ unsigned char sha1result[SHA1_RESULTLEN];
 SHA1Init(&ctx);
 SHA1Update(&ctx, ns, sizeof(uu));
 SHA1Update(&ctx, (unsigned char *) ptr, len);
- SHA1Final((unsigned char *) &uu, &ctx);
+ SHA1Final(sha1result, &ctx);
+ memcpy(&uu, sha1result, sizeof(uu));
 }
 /* the calculated hash is using local order */
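Review bot: The MD5 branch still lets `MD5Final` write straight into `uu` through a cast, guarded only by the added comment, and the new `memcpy(&uu, sha1result, sizeof(uu))` likewise relies on `sizeof(uu)` not exceeding `SHA1_RESULTLEN`. Both size assumptions could be enforced at compile time, e.g. `StaticAssertStmt(sizeof(uu) == 16, "uu must match the MD5 digest size");` before `MD5Final` and `StaticAssertStmt(sizeof(uu) <= SHA1_RESULTLEN, "SHA1 digest shorter than uu");` before the `memcpy`. A later type or library change would then fail the build instead of silently clobbering or over-reading the stack, which is the kind of bug this commit says went unnoticed in local testing. A one-line comment on the `memcpy` saying the 20-byte digest is deliberately truncated to the UUID size would also help. The body of uuid_generate_internal starts and ends outside this hunk, so the declaration of `uu` is not visible here.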