Fix #78510: Partially uninitialized buffer returned by sodium_crypto_generichash_init()

cmb69 · cmb69 · commit 8ead77936e68 · 2019-09-09T15:30:28.000+02:00
Backport jedisct1/libsodium.php@28d13bf437cb969a0583031fc7ac54c5a8dc8116.
diff --git a/NEWS b/NEWS
@@ -21,6 +21,10 @@ PHP                                                                        NEWS
 - PDO_MySQL:
   . Fixed bug #41997 (SP call yields additional empty result set). (cmb)
 
+- sodium:
+  . Fixed bug #78510 (Partially uninitialized buffer returned by
+    sodium_crypto_generichash_init()). (Frank Denis, cmb)
+
 29 Aug 2019, PHP 7.2.22
 
 - Core:
diff --git a/ext/sodium/libsodium.c b/ext/sodium/libsodium.c
@@ -934,6 +934,7 @@ PHP_FUNCTION(sodium_crypto_generichash_init)
 		zend_throw_exception(sodium_exception_ce, "unsupported key length", 0);
 		return;
 	}
+	memset(&state_tmp, 0, sizeof state_tmp);
 	if (crypto_generichash_init((void *) &state_tmp, key, (size_t) key_len,
 								(size_t) hash_len) != 0) {
 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
diff --git a/ext/sodium/tests/bug78510.phpt b/ext/sodium/tests/bug78510.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Bug #78510 (Partially uninitialized buffer returned by sodium_crypto_generichash_init())
+--SKIPIF--
+<?php
+if (!extension_loaded("sodium")) print "skip extension not loaded";
+?>
+--FILE--
+<?php
+$key = hex2bin('36be2998c85757e98c1abf3687c8db3a849a393701c05454023d9aba1096fd47');
+$y = sodium_crypto_generichash_init($key, 64);
+var_dump(bin2hex($y));
+?>
+--EXPECT--
+string(768) "48e9bdf267e6096a3ba7ca8485ae67bb2bf894fe72f36e3cf1361d5f3af54fa5d182e6ad7f520e511f6c3e2b8c68059b6bbd41fbabd9831f79217e1319cde05b000000000000000000000000000000000000000000000000000000000000000036be2998c85757e98c1abf3687c8db3a849a393701c05454023d9aba1096fd4700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000"

Original file line number	Diff line number	Diff line change
`@@ -934,6 +934,7 @@ PHP_FUNCTION(sodium_crypto_generichash_init)`
`934`	`934`	`zend_throw_exception(sodium_exception_ce, "unsupported key length", 0);`
`935`	`935`	`return;`
`936`	`936`	`}`
	`937`	`+ memset(&state_tmp, 0, sizeof state_tmp);`
`937`	`938`	`if (crypto_generichash_init((void *) &state_tmp, key, (size_t) key_len,`
`938`	`939`	`(size_t) hash_len) != 0) {`
`939`	`940`	`zend_throw_exception(sodium_exception_ce, "internal error", 0);`