UTIL: fix one-byte buffer over-reads.

GNUNET_CRYPTO_hash_from_string2 uses enclen as the length of its buffer that
it passes to GNUNET_STRINGS_utf8_toupper, but GNUNET_STRINGS_utf8_toupper adds
a null terminator, so it should be enclen+1.

GNUNET_CRYPTO_crc16_step reads 1 byte past the end of the buffer passed to
it. It masks out that byte in computing the result, but it's still technically
an overread and could in extremely-rare circumstances cause a segmentation or
access fault. It also upsets sanitizers, preventing other bugs from being found.

Signed-off-by: Martin Schanzenbach <schanzen@gnunet.org>

0 files changed, 0 insertions, 0 deletions