app-crypt/mhash: fix UAF in tests

Closes: https://bugs.gentoo.org/914173
Signed-off-by: Sam James <sam@gentoo.org>

2 files changed, 20 insertions, 0 deletions

diff --git a/app-crypt/mhash/files/mhash-0.9.9.9-hmac-uaf-test.patch b/app-crypt/mhash/files/mhash-0.9.9.9-hmac-uaf-test.patch
new file mode 100644
index 000000000000..cd9b3c041891
--- /dev/null
+++ b/app-crypt/mhash/files/mhash-0.9.9.9-hmac-uaf-test.patch
@@ -0,0 +1,19 @@
+https://bugs.gentoo.org/914173
+https://sourceforge.net/p/mhash/patches/12/
+https://sourceforge.net/p/mhash/bugs/43/
+
+Fixes a segfault due to use-after-free on x86 & ARM in the test suite.
+
+Index: mhash-0.9.9.9/src/hmac_test.c
+===================================================================
+--- mhash-0.9.9.9/src/hmac_test.c
++++ mhash-0.9.9.9/src/hmac_test.c	2020-04-01 00:04:44.039815882 +0200
+@@ -76,8 +76,6 @@
+ 
+ 	/* Test No 2 */	
+ 	
+-	mutils_memset(tmp, 0, sizeof(tmp));
+-	
+ 	passlen=sizeof(KEY2) - 1;
+ 	password = (mutils_word8 *) mutils_malloc(passlen+1);
+ 	mutils_memcpy(password, KEY2, passlen);
diff --git a/app-crypt/mhash/mhash-0.9.9.9-r3.ebuild b/app-crypt/mhash/mhash-0.9.9.9-r3.ebuild
index e2dff3f8b8ba..59e8dcb9010e 100644
--- a/app-crypt/mhash/mhash-0.9.9.9-r3.ebuild
+++ b/app-crypt/mhash/mhash-0.9.9.9-r3.ebuild
@@ -26,6 +26,7 @@ PATCHES=(
 	"${FILESDIR}"/${P}-align.patch
 	"${FILESDIR}"/${P}-alignment.patch
 	"${FILESDIR}"/${P}-no-malloc-check.patch
+	"${FILESDIR}"/${P}-hmac-uaf-test.patch
 )
 
 DOCS=( doc/example.c doc/skid2-authentication )