From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=DKIM_ADSP_CUSTOM_MED, DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FROM,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 26641 invoked from network); 4 Nov 2021 14:56:53 -0000 Received: from mother.openwall.net (195.42.179.200) by inbox.vuxu.org with ESMTPUTF8; 4 Nov 2021 14:56:53 -0000 Received: (qmail 3263 invoked by uid 550); 4 Nov 2021 14:56:50 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 32589 invoked from network); 4 Nov 2021 14:53:36 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:from:date:message-id:subject:to; bh=41LhlWU9xAIjgxAYWZz1BfTJ0zKaDEadzotS7g16B+g=; b=BGcx1G4O+r9LjOoLWbCt52qYUPDJo7TiVzwQfO9Cyyt8M09vnTc5UabfRmLCTgnw8+ TQ6w/eM2C3lLB84zr9ZejuaEQGbjVt+ObO6M8z96jA11ezNkLhip4hpaJx0QuDgFM8+a kez+LsEmpv8TiadXbCkQVuvs4B0InXBhhjvVirFFBFNLMiR8f857qt7fq5idLYK5H0Yn vVJUgveIUGkrIxwzEBFeINduJsvggRtC1FMt1H3uABalyfgnWmKmgxQpiW8w3bbI1Olw /4jClDazkI59+L+hcDyQ7NuxTdVVOgN704tT7tXF4UkVsUpDDugiof5W56Kw3c1zTtaD 1OAQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=41LhlWU9xAIjgxAYWZz1BfTJ0zKaDEadzotS7g16B+g=; b=zdxiGImdgAXzJyDrdReksaksyBX9hEVSfe75oVvcY/cpDTECIm4RAaOrbMSx8eyoWf g2ZXN9tdWQ+2yTY6qUOSeAoQ0+vUFkXnqdvtYE/xeEQoDe7yRo2KynPWCVTYVv5aSkZv AnHQWfw2zri9kP7Xy1GKbnhtLeMoAO/3jRTSsUzCuagcHsX/jfgpfLwpeTaIbXLOW68f nH4lXanduoqzflwc6XtgsVQlNaEq/fwcphG+i1l9FY5jtiSe+2IKaXxXT5XXfkG06p7q bEw/BBMkGsCu5f9scBXoyUo4We8Z5jk2LRapbOMorWnfSVFG6wtcFS2bhrRud38/oYyC jgUw== X-Gm-Message-State: AOAM533Yf+35xEARsv+6cQZlTLP8R0SedSBOrErqYhh+l9TWLb5SkVZR Hdg5M6CLqpMnHLt+7bNyZDkLQKQ3w4WDgHoXIu4m8p/Ccho= X-Google-Smtp-Source: ABdhPJzkSWVgvJ+QAkZPC3pqumBg3WhmfraPlO4ga6V2EZYaB3338KRjNIIeIexHgUy4RZ5XggJHf3aDSVcomW9yWsE= X-Received: by 2002:a05:6830:25d1:: with SMTP id d17mr23760214otu.303.1636037603320; Thu, 04 Nov 2021 07:53:23 -0700 (PDT) MIME-Version: 1.0 From: Terefang Verigorn Date: Thu, 4 Nov 2021 15:53:12 +0100 Message-ID: To: musl@lists.openwall.com Content-Type: text/plain; charset="UTF-8" Subject: [musl] possible buffer overflow in crypt() -- musl-1.2.2 hello crypt.h declares --- struct crypt_data { int initialized; char __buf[256]; }; --- but crypt.c uses --- static char buf[128]; return __crypt_r(key, salt, (struct crypt_data *)buf); --- the buf[128] should be rather buf[sizeof(crypt_data)] -- Terefang