Fix stack clobber in new uuid-ossp code.
authorTom Lane <tgl@sss.pgh.pa.us>
Wed, 28 May 2014 15:50:41 +0000 (11:50 -0400)
committerTom Lane <tgl@sss.pgh.pa.us>
Wed, 28 May 2014 15:50:41 +0000 (11:50 -0400)
The V5 (SHA1 hashing) code wrote 20 bytes into a 16-byte local variable.
This had accidentally failed to fail in my testing and Matteo's, but
buildfarm results exposed the problem.

contrib/uuid-ossp/uuid-ossp.c

index f8c33d2b4698fb85fd9b05e8810638acd4f2d59f..88da168388916b19db5d980fd7c0d6b53b0cec6d 100644 (file)
@@ -316,16 +316,19 @@ uuid_generate_internal(int v, unsigned char *ns, char *ptr, int len)
                                        MD5Init(&ctx);
                                        MD5Update(&ctx, ns, sizeof(uu));
                                        MD5Update(&ctx, (unsigned char *) ptr, len);
+                                       /* we assume sizeof MD5 result is 16, same as UUID size */
                                        MD5Final((unsigned char *) &uu, &ctx);
                                }
                                else
                                {
                                        SHA1_CTX        ctx;
+                                       unsigned char sha1result[SHA1_RESULTLEN];
 
                                        SHA1Init(&ctx);
                                        SHA1Update(&ctx, ns, sizeof(uu));
                                        SHA1Update(&ctx, (unsigned char *) ptr, len);
-                                       SHA1Final((unsigned char *) &uu, &ctx);
+                                       SHA1Final(sha1result, &ctx);
+                                       memcpy(&uu, sha1result, sizeof(uu));
                                }
 
                                /* the calculated hash is using local order */
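Review bot: The MD5 branch still lets `MD5Final` write straight into `uu`, and the only guard is the new comment, so the size assumption behind the SHA1 overrun stays unchecked there. A compile-time check beside the comment would turn a mismatch into a build failure rather than a stack overwrite: `StaticAssertStmt(sizeof(uu) == 16, "MD5 digest must exactly fill the UUID");`. In the SHA1 branch, `memcpy(&uu, sha1result, sizeof(uu))` stays in bounds only while `SHA1_RESULTLEN >= sizeof(uu)`, which the same kind of assertion would pin down. A one-line comment that keeping only the leading bytes of the digest is deliberate (as it appears to be) would also help. The declaration of `uu` is not visible here, and `uuid_generate_internal` starts and ends outside this hunk.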