Fix nettle_hash() function to avoid ABI incompatibilities.

The way of accessing the list of available hashes on nettle was vulnerable to breaking if the version of libnettle in use was different to the version dnsmasq was compiled against. Change to a new system if libnettle >= 3.4 is in use. Older versions if nettle are still OK, once 3.4 is reached, the ABi problem is fixed. Thanks to Petr Menšík for clues on this.
2025-12-19 18:28:25 +00:00 · 2018-03-06 22:55:36 +00:00
parent 4c4f4c2649
commit f3223fbff6
3 changed files with 16 additions and 6 deletions
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -114,17 +114,25 @@ const struct nettle_hash *hash_find(char *name)
  if (!name)
    return NULL;
  
+  /* We provide a "null" hash which returns the input data as digest. */
+  if (strcmp(null_hash.name, name) == 0)
+    return &null_hash;
+
+  /* libnettle >= 3.4 provides nettle_lookup_hash() which avoids nasty ABI
+     incompatibilities if sizeof(nettle_hashes) changes between library
+     versions. */
+  
+#if (NETTLE_VERSION_MAJOR>3) || ((NETTLE_VERSION_MAJOR==3) && (NETTLE_VERSION_MINOR >=4))
+  return nettle_lookup_hash(name);
+#else
  for (i = 0; nettle_hashes[i]; i++)
    {
      if (strcmp(nettle_hashes[i]->name, name) == 0)
 	return nettle_hashes[i];
    }

-  /* We provide a "null" hash which returns the input data as digest. */
-  if (strcmp(null_hash.name, name) == 0)
-    return &null_hash;
-
-  return NULL;
+   return NULL;
+#endif
 }

 /* expand ctx and digest memory allocations if necessary and init hash function */