Hi,

On Thu, Nov 04, 2021 at 03:53:12PM +0100, Terefang Verigorn wrote:
> hello
>
> crypt.h declares
> ---
> struct crypt_data {
>     int initialized;
>     char __buf[256];
> };
> ---
>
> but crypt.c uses
> ---
> static char buf[128];
> return __crypt_r(key, salt, (struct crypt_data *)buf);
> ---
>
> the buf[128] should be rather buf[sizeof(crypt_data)]

It doesn't appear to be a potential buffer overflow issue. According to the
comment in __crypt_r, the crypt_data struct is only used as an output buffer.
The longest output appears to be around 80 bytes long.

>
> --
> Terefang

--
Charlotte

https://keybase.io/darkkirb • GPG Key 3CEF5DDA915AECB0 • https://darkkirb.de
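
The size relationship discussed in this thread, as an added C example that is not part of either message or of the library's source. Only the struct and the 128-byte buffer come from the quoted code; `demo_crypt_r`, `demo_crypt_legacy`, `demo_crypt_sized`, `demo_roundtrip` and the 96-byte `MAX_HASH_OUT` bound are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Declaration quoted from crypt.h in the thread. */
struct crypt_data { int initialized; char __buf[256]; };

#define LEGACY_BUF   128  /* size of the static buffer quoted from crypt.c */
#define MAX_HASH_OUT 96   /* assumed bound; the reply estimates about 80 bytes */

/* The cast stays in bounds only while every write fits the smaller object,
 * so both facts are pinned at compile time instead of living in a comment. */
_Static_assert(MAX_HASH_OUT <= LEGACY_BUF, "hash output must fit the buffer");
_Static_assert(sizeof(struct crypt_data) > LEGACY_BUF,
               "struct is larger than the buffer it is cast from");

/* Hypothetical backend: treats the struct purely as an output buffer, as the
 * reply describes, and refuses anything longer than the assumed bound. */
static char *demo_crypt_r(const char *hash, struct crypt_data *data)
{
    size_t n = strlen(hash) + 1;           /* include the terminating NUL */
    if (n > MAX_HASH_OUT)
        return NULL;
    return memcpy((char *)data, hash, n);
}

/* Pattern from the thread: 128 bytes viewed through the struct type.
 * _Alignas is added here so the pointer conversion itself is well defined. */
static char *demo_crypt_legacy(const char *hash)
{
    static _Alignas(struct crypt_data) char buf[LEGACY_BUF];
    return demo_crypt_r(hash, (struct crypt_data *)buf);
}

/* Sizing suggested by the original poster: storage matches the struct. */
static char *demo_crypt_sized(const char *hash)
{
    static _Alignas(struct crypt_data) char buf[sizeof(struct crypt_data)];
    return demo_crypt_r(hash, (struct crypt_data *)buf);
}

/* Constructed input: a string of `len` characters. Returns the length that
 * came back, or 0 when the bound check rejected it. */
static size_t demo_roundtrip(size_t len, int legacy)
{
    char hash[512];
    if (len >= sizeof hash)
        return 0;
    memset(hash, 'x', len);
    hash[len] = '\0';
    char *r = legacy ? demo_crypt_legacy(hash) : demo_crypt_sized(hash);
    return r ? strlen(r) : 0;
}
```

If a backend is later changed to write more than `MAX_HASH_OUT` bytes, the first static assertion is the line that has to be revisited before the 128-byte buffer can be kept.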