Описание
ntru-rs has unsound FFI: Wrong API usage causes write past allocated area
The following usage causes undefined behavior.
let kp: ntru::types::KeyPair = …;
kp.get_public().export(Default::default())
When compiled with debug assertions, the code above will trigger a attempt to subtract with overflow panic before UB occurs.
Other mistakes (e.g. using EncParams from a different key) may always trigger UB.
Likely, older versions of this crate are also affected, but have not been tested.
Пакеты
Наименование
ntru
rust
Затронутые версииВерсия исправления
>= 0.4.3, <= 0.5.6
Отсутствует