mailing list of musl libc
 help / color / mirror / code / Atom feed
From: Terefang Verigorn <>
Subject: [musl] possible buffer overflow in crypt() -- musl-1.2.2
Date: Thu, 4 Nov 2021 15:53:12 +0100	[thread overview]
Message-ID: <> (raw)


crypt.h declares
struct crypt_data {
   int initialized;
   char __buf[256];

but crypt.c uses
static char buf[128];
return __crypt_r(key, salt, (struct crypt_data *)buf);

the buf[128] should be rather buf[sizeof(crypt_data)]


             reply	other threads:[~2021-11-04 14:56 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-11-04 14:53 Terefang Verigorn [this message]
2021-11-04 15:13 ` [musl] " Terefang Verigorn
2021-11-04 16:13 ` [musl] " Rich Felker
2021-11-04 16:32 ` Charlotte Delenk

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \
    --subject='Re: [musl] possible buffer overflow in crypt() -- musl-1.2.2' \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Code repositories for project(s) associated with this inbox:

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).