[Cryptography] Bug in Signal - and what it says about, programming
Vikas Kumar
vikas at vikaskumar.org
Fri Sep 16 13:35:58 EDT 2016
> Date: Thu, 15 Sep 2016 18:48:14 -0400
> From: Jerry Leichter <leichter at lrw.com>
>
> http://arstechnica.com/security/2016/09/signal-fixes-bug-that-let-attackers-tamper-with-encrypted-messages/ (which has links to the actual release) describes a few recently-reported bugs in the Android version of Signal. They actually include the vulnerable line of code:
>
> int remainingData = (int) file.length() - mac.getMacLength();
>
>
This has nothing to do with programming in general or the C language but
a bad development practice.
Everywhere in pretty much most of libc the APIs use "size_t" to
represent length. Using "int" to represent length is a throwback to K&R
C. This just shows that the developer has not updated his or her
understanding of the current state of the C language and its idioms. It
is more likely that the developer was getting warnings from the compiler
and used the "(int)" to get rid of the warnings.
Instead the developer should have done this:
ssize_t remainingData = file.length() - mac.getMacLength();
This way on a 64-bit machine ssize_t would be signed 64-bits and the
overflow would not occur.
--Vikas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160916/200f23e4/attachment.html>
More information about the cryptography
mailing list