This is a discussion on [PATCH] Buffer overflow in lib/libc/bcrypt.c within the mailing.openbsd.tech forums, part of the OpenBSD category.
| encode_salt() in lib/libc/bcrypt.c writes a 7 byte prefix, a base64 encoding of a 16 byte string (16 * 4/3 rounded up bytes), and then a null terminator into the gsalt global variable which only has enough room for the base64 encoding. Index: lib/libc/crypt/bcrypt.c ================================================== ================= RCS file: /cvs/src/lib/libc/crypt/bcrypt.c,v retrieving revision 1.20 diff -p -u -r1.20 bcrypt.c --- lib/libc/crypt/bcrypt.c 3 Apr 2006 19:55:49 -0000 1.20 +++ lib/libc/crypt/bcrypt.c 4 Jul 2006 06:23:23 -0000 @@ -73,7 +73,7 @@ static void encode_base64(u_int8_t *, u_ static void decode_base64(u_int8_t *, u_int16_t, u_int8_t *); static char encrypted[_PASSWORD_LEN]; -static char gsalt[BCRYPT_MAXSALT * 4 / 3 + 1]; +static char gsalt[7 + (BCRYPT_MAXSALT * 4 + 2) / 3 + 1]; static char error[] = ":"; const static u_int8_t Base64Code[] = |
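Review bot: The literal 7 in the new declaration `static char gsalt[7 + (BCRYPT_MAXSALT * 4 + 2) / 3 + 1];` is an undocumented magic number, so the buffer size stays coupled by hand to whatever encode_salt() writes. Please give the prefix length a named constant, or add a one-line comment spelling out the three parts (7-byte prefix, base64 of BCRYPT_MAXSALT bytes rounded up, NUL terminator), so a later change to the prefix does not silently reintroduce the overflow. The arithmetic matches the description: the old expression truncated 16 * 4 / 3 and left no room for the prefix, while `(BCRYPT_MAXSALT * 4 + 2) / 3` rounds up as intended. encode_salt() is not part of this diff; if it does not take a destination length, a bound checked against sizeof(gsalt) there would be a worthwhile follow-up.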