From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.4 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 4657 invoked from network); 4 Nov 2021 16:34:00 -0000 Received: from mother.openwall.net (195.42.179.200) by inbox.vuxu.org with ESMTPUTF8; 4 Nov 2021 16:34:00 -0000 Received: (qmail 21967 invoked by uid 550); 4 Nov 2021 16:33:59 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 21929 invoked from network); 4 Nov 2021 16:33:58 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=darkkirb.de; s=dkim; t=1636043622; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=lvtnP2FM1bUau8CrM3iZFhSkQvbltKpaqwbCwAlmmWg=; b=mf8pL+ii4ZaO+NwObwYxqz/hWTCbupJ0BilsfP6Q2LWsDht6aCYdJ0WS8trxMDiNh7MJG6 Z7qW5paDduV8wOH/IXd1JYXX0sgqsHGBrmNL+YO3pv8TKGJKa4yk2nPh8TRVsS0jHY6v+t G+ygqJrvKOgNnGCzUp9RhPqS3pm3k3Q= DKIM-Filter: OpenDKIM Filter v2.11.0 mail.darkkirb.de 89BA9DFD28 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=darkkirb.de; s=mail; t=1636043621; bh=lvtnP2FM1bUau8CrM3iZFhSkQvbltKpaqwbCwAlmmWg=; h=Date:From:To:Subject:References:In-Reply-To:From; b=r/k0BVgjxkVMo7dfJHrxoF1N6+zmmXmw6HydENokRKn5NLXw9UWMIrCIiI3Wh7O6g I/wmoJKkT67Jx7QpI27uoIJWmWEVPAok4P6KjOBZua7mW1s9V8IL0thc/4fKHzDoY9 fp+iSNdbn5T6R/tPjcSQ0E+8eLrN9BmK0TwIqQro= Date: Thu, 4 Nov 2021 17:32:37 +0100 From: Charlotte Delenk To: musl@lists.openwall.com Message-ID: <20211104163237.4tjw7wopsg6oe7ow@nutty-noon> References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="tmdctj2u2nrkv4ed" Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20211029 Subject: Re: [musl] possible buffer overflow in crypt() -- musl-1.2.2 --tmdctj2u2nrkv4ed Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi, On Thu, Nov 04, 2021 at 03:53:12PM +0100, Terefang Verigorn wrote: > hello >=20 > crypt.h declares > --- > struct crypt_data { > int initialized; > char __buf[256]; > }; > --- >=20 > but crypt.c uses > --- > static char buf[128]; > return __crypt_r(key, salt, (struct crypt_data *)buf); > --- >=20 > the buf[128] should be rather buf[sizeof(crypt_data)] It doesn't appear to be a potential buffer overflow issue. According to the comment in __crypt_r, the crypt_data struct is only used as an output buffer. The longest output appears to be around 80 bytes long >=20 > -- > Terefang --=20 Charlotte https://keybase.io/darkkirb =E2=80=A2 GPG Key 3CEF5DDA915AECB0 =E2=80=A2 ht= tps://darkkirb.de --tmdctj2u2nrkv4ed Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQQ/r15dU0pQ4MOKyjMBXjdopwr7xQUCYYQLIwAKCRABXjdopwr7 xd+0APwIcYe0o2qh86zcROebsbFlHYRIjW/OlWNCPUr9spry/QD/cs9H5uA50MSH Arw13sIChBXKSvSZ6/1kBtF4L0sy9QY= =TvUd -----END PGP SIGNATURE----- --tmdctj2u2nrkv4ed--