Description
Proposal Details
Overview
In file one_pass_signature.go, the fields of the OnePassSignature struct are ordered in a way that wastes memory on padding. Reordering the fields (wider, more strictly aligned fields first, single-byte fields together at the end) yields a smaller struct with no change in behaviour.
```go
// OnePassSignature represents a one-pass signature packet. See RFC 4880,
// section 5.4.
type OnePassSignature struct {
	SigType    SignatureType
	Hash       crypto.Hash
	PubKeyAlgo PublicKeyAlgorithm
	KeyId      uint64
	IsLast     bool
}
```
With this order the struct occupies 40 bytes on 64-bit systems: each of the three single-byte fields (SigType, PubKeyAlgo and IsLast) is followed by 7 bytes of padding so that the next 8-byte field, or the end of the struct, lands on an 8-byte boundary. Only 19 of the 40 bytes hold data. Ordering the fields as follows reduces the size to 24 bytes, with just 5 bytes of trailing padding:
```go
type OnePassSignature struct {
	Hash       crypto.Hash
	KeyId      uint64
	SigType    SignatureType
	PubKeyAlgo PublicKeyAlgorithm
	IsLast     bool
}
```
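The following program, added here as a worked example and not part of the issue or of golang.org/x/crypto, checks the two sizes above with reflect and unsafe and also derives the minimal-padding order mechanically, so the same check can be applied to any struct. It assumes that SignatureType and PublicKeyAlgorithm are uint8 underneath (as they are in the openpgp packet package) and declares stand-ins for them; the type names OriginalOnePassSignature and PackedOnePassSignature and the helpers Padding, OptimalSize and Sizes are this example's own.

```go
package main

import (
	"crypto"
	"fmt"
	"reflect"
	"sort"
	"unsafe"
)

// Stand-ins for packet.SignatureType and packet.PublicKeyAlgorithm, which are
// uint8 in golang.org/x/crypto/openpgp/packet (assumption made for this example).
type SignatureType uint8
type PublicKeyAlgorithm uint8

// OriginalOnePassSignature uses the field order reported in the issue.
type OriginalOnePassSignature struct {
	SigType    SignatureType
	Hash       crypto.Hash
	PubKeyAlgo PublicKeyAlgorithm
	KeyId      uint64
	IsLast     bool
}

// PackedOnePassSignature uses the proposed order: the 8-byte fields first, then
// the three single-byte fields together so that only trailing padding remains.
type PackedOnePassSignature struct {
	Hash       crypto.Hash
	KeyId      uint64
	SigType    SignatureType
	PubKeyAlgo PublicKeyAlgorithm
	IsLast     bool
}

// Padding reports how many bytes of a struct type hold no field data.
func Padding(t reflect.Type) uintptr {
	var used uintptr
	for i := 0; i < t.NumField(); i++ {
		used += t.Field(i).Type.Size()
	}
	return t.Size() - used
}

// OptimalSize builds a copy of the struct with its fields sorted by alignment,
// descending, and returns the size of that copy. Every field's size is a
// multiple of its alignment, so this order leaves no padding between fields;
// only the trailing padding that rounds the total up to the struct's own
// alignment remains. The result is the smallest size any reordering can reach.
func OptimalSize(t reflect.Type) uintptr {
	fields := make([]reflect.StructField, t.NumField())
	for i := range fields {
		f := t.Field(i)
		fields[i] = reflect.StructField{Name: f.Name, Type: f.Type, Tag: f.Tag}
	}
	sort.SliceStable(fields, func(i, j int) bool {
		return fields[i].Type.Align() > fields[j].Type.Align()
	})
	return reflect.StructOf(fields).Size()
}

// Sizes returns the sizes of the original and packed layouts on this platform.
func Sizes() (original, packed uintptr) {
	return unsafe.Sizeof(OriginalOnePassSignature{}), unsafe.Sizeof(PackedOnePassSignature{})
}

func main() {
	orig := reflect.TypeOf(OriginalOnePassSignature{})
	packed := reflect.TypeOf(PackedOnePassSignature{})
	// On amd64 this prints size=40 padding=21 for the original layout and
	// size=24 padding=5 for the packed one; optimal=24 for both.
	for _, t := range []reflect.Type{orig, packed} {
		fmt.Printf("%-26s size=%2d padding=%2d optimal=%2d\n",
			t.Name(), t.Size(), Padding(t), OptimalSize(t))
	}
}
```

The numbers depend on the target: on a 32-bit platform crypto.Hash is a 4-byte uint and the sizes differ, which is why the program computes them rather than hard-coding 40 and 24. The fieldalignment analyzer in golang.org/x/tools (go/analysis/passes/fieldalignment) performs the same calculation over a whole module and reports the suggested order. One caveat before applying such a change to an exported struct: any positional composite literal (OnePassSignature{sigType, hash, ...}) in downstream code is silently reinterpreted when field order changes, so keyed literals should be used or callers checked.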
Sponsorship and Support:
This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed - to improve global software supply chain security.
The issue was found by running the iCR tool by OpenRefactory, Inc. and then manually triaging the results.