php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Sec Bug #78510 Partially uninitialized buffer returned by sodium_crypto_generichash_init()
Submitted: 2019-09-07 17:29 UTC Modified: 2019-09-09 13:36 UTC
From: security at paragonie dot com Assigned: cmb (profile)
Status: Closed Package: *Encryption and hash functions
PHP Version: 7.3.9 OS: Any
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: security at paragonie dot com
New email:
PHP Version: OS:

 

 [2019-09-07 17:29 UTC] security at paragonie dot com
Description:
------------
Fixed upstream:

https://github.com/jedisct1/libsodium-php/compare/751c625a0f5d2c097cc345eba39d25b450f7a194..68d7915b9ec21404da6e81472d893325fdc65a5c

(Discovered while trying to add the "salt" and "personal" parameters to the sodium_compat polyfill in order to add missing functions.)

Test script:
---------------
<?php
$key = hex2bin('36be2998c85757e98c1abf3687c8db3a849a393701c05454023d9aba1096fd47');
$y = sodium_crypto_generichash_init($key, 64);
var_dump(bin2hex($y));


Expected result:
----------------
If you run the test script repeatedly, you expect a deterministic result.

Actual result:
--------------
I ran this script 4 times.

scott@paragonie-test:~$ php test.php 
string(768) "48e9bdf267e6096a3ba7ca8485ae67bb2bf894fe72f36e3cf1361d5f3af54fa5d182e6ad7f520e511f6c3e2b8c68059b6bbd41fbabd9831f79217e1319cde05b000000000000000000000000000000000000000000000000000000000000000036be2998c85757e98c1abf3687c8db3a849a393701c05454023d9aba1096fd47000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000052ba5cce550000a0da411e7f7f000080654b1e01ffff7f"
scott@paragonie-test:~$ php test.php 
string(768) "48e9bdf267e6096a3ba7ca8485ae67bb2bf894fe72f36e3cf1361d5f3af54fa5d182e6ad7f520e511f6c3e2b8c68059b6bbd41fbabd9831f79217e1319cde05b000000000000000000000000000000000000000000000000000000000000000036be2998c85757e98c1abf3687c8db3a849a393701c05454023d9aba1096fd4700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000ae8bc4a7f00006005afaee55500008072c3ace5550000"
scott@paragonie-test:~$ php test.php 
string(768) "48e9bdf267e6096a3ba7ca8485ae67bb2bf894fe72f36e3cf1361d5f3af54fa5d182e6ad7f520e511f6c3e2b8c68059b6bbd41fbabd9831f79217e1319cde05b000000000000000000000000000000000000000000000000000000000000000036be2998c85757e98c1abf3687c8db3a849a393701c05454023d9aba1096fd4700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000002220d4fd550000a0da01cdac7f000080650bcd01ffff7f"
scott@paragonie-test:~$ php test.php 
string(768) "48e9bdf267e6096a3ba7ca8485ae67bb2bf894fe72f36e3cf1361d5f3af54fa5d182e6ad7f520e511f6c3e2b8c68059b6bbd41fbabd9831f79217e1319cde05b000000000000000000000000000000000000000000000000000000000000000036be2998c85757e98c1abf3687c8db3a849a393701c05454023d9aba1096fd4700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000a2841427f000060c5fc5ee555000080620d5de5550000"

The last few bytes were uninitialized memory.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-09-09 13:36 UTC] cmb@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 12 17:01:31 2024 UTC