Date: Thu, 4 Nov 2021 12:13:14 -0400
From: Rich Felker
To: Terefang Verigorn
Cc: musl@lists.openwall.com
Message-ID: <20211104161313.GG7074@brightrain.aerifal.cx>
Subject: Re: [musl] possible buffer overflow in crypt() -- musl-1.2.2

On Thu, Nov 04, 2021 at 03:53:12PM +0100, Terefang Verigorn wrote:
> hello
>
> crypt.h declares
> ---
> struct crypt_data {
> 	int initialized;
> 	char __buf[256];
> };
> ---
>
> but crypt.c uses
> ---
> static char buf[128];
> return __crypt_r(key, salt, (struct crypt_data *)buf);
> ---
>
> the buf[128] should be rather buf[sizeof(crypt_data)]

Do you have reason to believe it needs more than 128 bytes? The
crypt_data struct has no inherent relation to what's needed; it was
just needed to provide a public ABI for the caller to have enough
(more than enough, for future-proofing or whatever) storage for the
result.

Rich
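One way to check the question raised in the reply empirically, as an added example (not code from musl or from either poster): pre-fill a full-size `struct crypt_data` with a pattern, run a crypt_r-style routine, and report the highest byte offset it touched. The names `standin_crypt_r`, `high_water` and `crypt_r_fn` are hypothetical, and the stand-in only mimics the layout of the longest SHA-512-crypt string (an assumption about the worst case); substitute the real routine to audit an actual libc.

```c
#include <stdio.h>
#include <string.h>

/* Declaration quoted in the thread (crypt.h). */
struct crypt_data {
	int initialized;
	char __buf[256];
};
#define STATIC_BUF 128 /* size of the static buffer in crypt.c, per the thread */

typedef char *(*crypt_r_fn)(const char *, const char *, struct crypt_data *);

/* Constructed stand-in, NOT musl's code: writes a string shaped like
 * "$6$rounds=999999999$" + up to 16 salt chars + "$" + 86 hash chars
 * through the same (char *) view of the struct that the cast in crypt.c gives. */
static char *standin_crypt_r(const char *key, const char *salt, struct crypt_data *d)
{
	char *out = (char *)d;
	int n = sprintf(out, "$6$rounds=999999999$%.16s$", salt);
	(void)key;
	memset(out + n, 'h', 86);
	out[n + 86] = '\0';
	return out;
}

/* Returns the number of leading bytes of the struct that fn modified.
 * Two fill patterns are used so that a written byte which happens to
 * equal one pattern is still detected on the other pass. */
size_t high_water(crypt_r_fn fn, const char *key, const char *salt)
{
	static const unsigned char fill[2] = { 0xA5, 0x5A };
	size_t max = 0;
	for (int r = 0; r < 2; r++) {
		struct crypt_data d;
		unsigned char *p = (unsigned char *)&d;
		size_t i = sizeof d;
		memset(p, fill[r], sizeof d);
		fn(key, salt, &d);
		while (i > 0 && p[i - 1] == fill[r])
			i--;
		if (i > max)
			max = i;
	}
	return max;
}

int main(void)
{
	size_t hw = high_water(standin_crypt_r, "pw", "0123456789abcdef");
	printf("touched %zu of %zu bytes; static buffer is %d\n",
	       hw, sizeof(struct crypt_data), STATIC_BUF);
	return hw <= STATIC_BUF ? 0 : 1;
}
```

The measurement only covers the inputs it is run with, so a real audit needs the longest setting string of every hash format the libc supports.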