Security issue / bug #11
Comments
|
no comment,, decided top delete will come back with this in a few hours! |
|
error in block #cgo LDFLAGS: -lcrypt
#define _GNU_SOURCE
#include <stdlib.h>
#include <string.h>
#include <crypt.h>
char *gnu_ext_crypt(char *pass, char *salt) {
char *enc = NULL;
char *ret = NULL;
struct crypt_data data;
data.initialized = 0;
enc = crypt_r(pass, salt, &data);
if(enc == NULL) {
return NULL;
}
ret = (char *)malloc(strlen(enc)+1); // for trailing null
strncpy(ret, enc, strlen(enc));
ret[strlen(enc)]= '\0'; // paranoid
return ret;
}this should be ingored but in order from it annoying users and creating security issues, its best to fix it warning ./test.go: In function ‘gnu_ext_crypt’:
./test.go:32:3: warning: ‘strncpy’ specified bound depends on the length of the source argument [-Wstringop-overflow=]
32 | strncpy(ret, enc, strlen(enc));
| ^~~~~~~~~~~~~~~~~~~ |
|
I've opened a pull request to fix this build break. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
No description provided.
The text was updated successfully, but these errors were encountered: