8000 generate_enc_password: increase rsalt by 2 by steveej · Pull Request #1463 · coturn/coturn · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

generate_enc_password: increase rsalt by 2 #1463

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
May 4, 2024
Merged

generate_enc_password: increase rsalt by 2 #1463

merged 3 commits into from
May 4, 2024

Conversation

steveej
Copy link
Contributor
@steveej steveej commented Mar 29, 2024

before this change i see a bufferflow during readable_string.

@ggarber
Copy link
Contributor
ggarber commented Apr 9, 2024

Thank you very much for the report @steveej and the fix! 🙇
I think the problem is in the readable_string function and we shouldn't workaround it here, but let me take a look.

@ggarber
Copy link
Contributor
ggarber commented Apr 9, 2024
edited
Loading

@steveej Could you try this alternative fix? Thank you!

static void readable_string(unsigned char *orig, unsigned char *out, size_t sz) {
  size_t i = 0;
  out[0] = 0;

  for (i = 0; i < sz; ++i) {
    snprintf((char *)(out + (i * 2)), 3, "%02x", (unsigned int)orig[i]);
  }
  out[sz * 2] = 0;
}

eakraly
eakraly requested changes Apr 12, 2024
View reviewed changes
@ggarber
Copy link
Contributor
ggarber commented Apr 19, 2024 8000

@steveej Can you take a look at the comments in this PR when you have a minute? Thank you very much !

@steveej
generate_enc_password: increase rsalt by 2
f31adef 
before this change i see a bufferflow during `readable_string`.
@steveej
Copy link
Contributor Author
steveej commented Apr 25, 2024

hey @ggarber all comments have been addressed

@ggarber
Copy link
Contributor
ggarber commented May 4, 2024

Thank you very much @steveej !

@ggarber ggarber merged commit 158fe9b into coturn:master May 4, 2024
25 of 37 checks passed
@ggarber ggarber mentioned this pull request May 4, 2024
Closed
@chenrui333 chenrui333 mentioned this pull request Dec 11, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eakraly eakraly eakraly requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@steveej @ggarber @eakraly
0