- Reported
-
- Issued
-
- Package
-
ntru
(crates.io)
- Type
-
INFO
Unsound
- Categories
-
- Keywords
-
#ffi
#buffer-overflow
- Aliases
-
- References
-
- Patched
-
no patched versions
- Affected Functions
- Version
ntru::types::PrivateKey::export
-
ntru::types::PublicKey::export
-
Description
The following usage causes undefined behavior.
let kp: ntru::types::KeyPair = …;
kp.get_public().export(Default::default())
When compiled with debug assertions, the code above will trigger a attempt to subtract with overflow
panic before UB occurs.
Other mistakes (e.g. using EncParams
from a different key) may always trigger UB.
Likely, older versions of this crate are also affected, but have not been tested.
Advisory available under CC0-1.0
license.