weidai11 / cryptopp

free C++ class library of cryptographic schemes
https://cryptopp.com

Infinite execution behavior in main branch #1267

Open jvanegue opened 3 months ago

jvanegue commented 3 months ago

Crypto++ Issue Report

The CryptoPP allocation code is vulnerable to infinite executions in case of memory exhaustion conditions.

Submitted a PR to perform a fail-safe operation (throw bad_alloc) instead of looping forever. Issue will likely affect all platforms.

On top of this fix, I recommend having more precise exception handling throughout the project instead of using the generic (Exception e) as it may inform users about the precise error causes. I did not change this in the PR.

See: https://github.com/weidai11/cryptopp/pull/1266

Thank you, Julien

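The failure mode reported above, as an added example that is neither Crypto++ code nor the patch in the linked PR: an allocation loop that retries through the C++ new-handler spins forever if the handler returns without freeing memory, so the fail-safe form bounds the retries and throws `std::bad_alloc`. That the loop retries through the new-handler is an assumption (the issue does not show the code), and `AllocateOrThrow`, `RawAlloc`, `maxRetries` and the test scenario are hypothetical names constructed for illustration.

```cpp
#include <cstddef>
#include <cstdlib>
#include <new>

// Raw allocator hook (hypothetical) so exhaustion can be simulated in a test.
using RawAlloc = void* (*)(std::size_t);

// Retry through the installed new-handler, but never loop without bound:
// a handler that returns without releasing memory must end in bad_alloc.
void* AllocateOrThrow(std::size_t size, RawAlloc raw, unsigned maxRetries = 8)
{
    for (unsigned attempt = 0; ; ++attempt) {
        if (void* p = raw(size))
            return p;
        std::new_handler handler = std::get_new_handler();
        if (handler == nullptr || attempt >= maxRetries)
            throw std::bad_alloc();   // fail safe: surface the exhaustion
        handler();                    // may free memory, throw, or do nothing
    }
}

// --- constructed exhaustion scenario ---
static unsigned g_handlerCalls = 0;
static void UselessHandler() { ++g_handlerCalls; }       // frees nothing
static void* AlwaysFail(std::size_t) { return nullptr; } // simulated exhaustion

struct Outcome { bool threw; unsigned handlerCalls; };

Outcome RunExhausted(bool installHandler, unsigned maxRetries)
{
    g_handlerCalls = 0;
    std::new_handler previous =
        std::set_new_handler(installHandler ? UselessHandler : nullptr);
    Outcome out{false, 0};
    try {
        std::free(AllocateOrThrow(64, AlwaysFail, maxRetries));
    } catch (const std::bad_alloc&) {
        out.threw = true;
    }
    out.handlerCalls = g_handlerCalls;
    std::set_new_handler(previous);   // restore global state
    return out;
}

int main()
{
    Outcome o = RunExhausted(true, 8);
    return (o.threw && o.handlerCalls == 8) ? 0 : 1;
}
```

Removing the `attempt >= maxRetries` check reproduces the hang with `UselessHandler` installed, which is why callers should catch `std::bad_alloc` specifically rather than rely on the loop ever finishing.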