go-crypt
Security issue / bug
No comment, decided to delete; will come back with this in a few hours!
error in block
#cgo LDFLAGS: -lcrypt
#define _GNU_SOURCE
#include <stdlib.h>
#include <string.h>
#include <crypt.h>
char *gnu_ext_crypt(char *pass, char *salt) {
  char *enc = NULL;
  char *ret = NULL;
  struct crypt_data data;
  data.initialized = 0;
  enc = crypt_r(pass, salt, &data);
  if(enc == NULL) {
    return NULL;
  }
  ret = (char *)malloc(strlen(enc)+1); // for trailing null
  strncpy(ret, enc, strlen(enc));
  ret[strlen(enc)]= '\0'; // paranoid
  return ret;
}
This should be ignored, but in order to keep it from annoying users and creating security issues, it's best to fix it.
warning
./test.go: In function ‘gnu_ext_crypt’:
./test.go:32:3: warning: ‘strncpy’ specified bound depends on the length of the source argument [-Wstringop-overflow=]
   32 |   strncpy(ret, enc, strlen(enc));
      |   ^~~~~~~~~~~~~~~~~~~
I've opened a pull request to fix this build break.
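Why GCC flags the `strncpy` call quoted in this issue, with one warning-free way to write the copy, as an added example (not the project's code and not the change in the pull request): the bound passed to `strncpy` is computed from the source, so it limits nothing on the destination side. The names `copy_bounded` and `dup_result` are hypothetical, and the hash-like strings used with them are constructed.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Copy src into dst with the bound taken from the DESTINATION size, which is
 * what -Wstringop-overflow expects. Returns 0 on success. Returns -1 with
 * errno = ERANGE when src plus its terminator does not fit; dst is then left
 * as an empty string, never as a silently truncated hash. */
static int copy_bounded(char *dst, size_t dstsz, const char *src)
{
  if (dst == NULL || dstsz == 0 || src == NULL) {
    errno = EINVAL;
    return -1;
  }
  /* Look for the terminator within the first dstsz bytes only. */
  const char *end = memchr(src, '\0', dstsz);
  if (end == NULL) {
    dst[0] = '\0';
    errno = ERANGE;
    return -1;
  }
  memcpy(dst, src, (size_t)(end - src) + 1); /* copies the '\0' too */
  return 0;
}

/* Heap copy of a crypt_r()-style result string. The length is measured once,
 * the allocation is checked, and the copy is bounded by the allocation size.
 * A wrapper like gnu_ext_crypt() could return dup_result(enc) (assumption:
 * the caller frees the result, as with the original malloc'd buffer). */
static char *dup_result(const char *enc)
{
  if (enc == NULL)
    return NULL;
  size_t size = strlen(enc) + 1;
  char *ret = malloc(size);
  if (ret == NULL)
    return NULL;
  if (copy_bounded(ret, size, enc) != 0) {
    free(ret);
    return NULL;
  }
  return ret;
}
```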