about summary refs log tree commit diff
diff options
context:
space:
mode:
authorTuomas Tynkkynen <tuomas@tuxera.com>2018-02-19T16·44+0200
committerTuomas Tynkkynen <tuomas@tuxera.com>2018-02-19T21·20+0200
commit546f98dace5c3569211caf392c9dde06a20aa7b0 (patch)
tree39b13a7081d782b0ca5679929ba601d6c1a868ec
parent4ea9707591beceacf9988b3c185faf50da238403 (diff)
libutil: Fix invalid assert on decoding base64 hashes
The assertion is broken because there is no one-to-one mapping from
length of a base64 string to the length of the output.

E.g.

"1q69lz7Empb06nzfkj651413n9icx0njmyr3xzq1j9q=" results in a 32-byte output.
"1q69lz7Empb06nzfkj651413n9icx0njmyr3xzq1j9qy" results in a 33-byte output.

To reproduce, evaluate:

builtins.derivationStrict {
    name = "0";
    builder = "0";
    system = "0";
    outputHashAlgo = "sha256";
    outputHash = "1q69lz7Empb06nzfkj651413n9icx0njmyr3xzq1j9qy";
}

Found by afl-fuzz.
-rw-r--r--src/libutil/hash.cc3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/libutil/hash.cc b/src/libutil/hash.cc
index 11e3c9dca58a..75e4767550f7 100644
--- a/src/libutil/hash.cc
+++ b/src/libutil/hash.cc
@@ -189,7 +189,8 @@ Hash::Hash(const std::string & s, HashType type)
 
     else if (size == base64Len()) {
         auto d = base64Decode(std::string(s, pos));
-        assert(d.size() == hashSize);
+        if (d.size() != hashSize)
+            throw BadHash("invalid base-64 hash '%s'", s);
         memcpy(hash, d.data(), hashSize);
     }