Fix stack clobber in new uuid-ossp code.

The V5 (SHA1 hashing) code wrote 20 bytes into a 16-byte local variable.
This had accidentally failed to fail in my testing and Matteo's, but
buildfarm results exposed the problem.

diff --git a/contrib/uuid-ossp/uuid-ossp.c b/contrib/uuid-ossp/uuid-ossp.c
index f8c33d2b4698fb85fd9b05e8810638acd4f2d59f..88da168388916b19db5d980fd7c0d6b53b0cec6d 100644 (file)
--- a/contrib/uuid-ossp/uuid-ossp.c
+++ b/contrib/uuid-ossp/uuid-ossp.c
@@ -316,16 +316,19 @@ uuid_generate_internal(int v, unsigned char *ns, char *ptr, int len)
                    MD5Init(&ctx);
                    MD5Update(&ctx, ns, sizeof(uu));
                    MD5Update(&ctx, (unsigned char *) ptr, len);
+                   /* we assume sizeof MD5 result is 16, same as UUID size */
                    MD5Final((unsigned char *) &uu, &ctx);
                }
                else
                {
                    SHA1_CTX    ctx;
+                   unsigned char sha1result[SHA1_RESULTLEN];
 
                    SHA1Init(&ctx);
                    SHA1Update(&ctx, ns, sizeof(uu));
                    SHA1Update(&ctx, (unsigned char *) ptr, len);
-                   SHA1Final((unsigned char *) &uu, &ctx);
+                   SHA1Final(sha1result, &ctx);
+                   memcpy(&uu, sha1result, sizeof(uu));
                }
 
                /* the calculated hash is using local order */