Yep, thanks. Would have done this myself but don't actually use Open.
On 28 June 2012 16:51, Mike Belopuhov <mkb@...> wrote:
> On Thu, Jun 28, 2012 at 16:04 +0100, Andrew Nelless wrote:
>> The range checking of the salt length (salt_len) in pkcs5_pbkdf2() on
>> line 90 of src/sbin/bioctl/pbkdf2.c is a bit off:
>> 90: if (salt_len == 0 || salt_len > SIZE_MAX - 1)
>> 91: return -1;
>> 92: if ((asalt = malloc(salt_len + 4)) == NULL)
>> 94: return -1;
>> If (SIZE_MAX - 2) is passed to this function "asalt" will be
>> malloc(1)'d and the subsequent memcpy on line 95 will segfault.
>> This has no impact to bioctl but this implementation is linked to from
>> the PBKDF2 Wikipedia article, and may be copied and used by others.
> thanks for reporting this. the diff below should fix the problem.
> diff --git sbin/bioctl/pbkdf2.c sbin/bioctl/pbkdf2.c
> index eba68ad..67ff075 100644
> --- sbin/bioctl/pbkdf2.c
> +++ sbin/bioctl/pbkdf2.c
> @@ -87,7 +87,7 @@ pkcs5_pbkdf2(const char *pass, size_t pass_len, const char
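
The wraparound described in the report, next to a length check that matches the `+ 4` in the allocation. This is an added example, not code from the thread or from the OpenBSD tree; the helper names and the `SIZE_MAX - 4` bound are assumptions of the example, not the contents of the diff above.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/*
 * Size the check quoted in the report would pass to malloc().
 * Returns 0 when that check rejects the length.
 */
static size_t original_alloc_size(size_t salt_len)
{
	if (salt_len == 0 || salt_len > SIZE_MAX - 1)
		return 0;
	return salt_len + 4;	/* wraps when salt_len > SIZE_MAX - 4 */
}

/* Bound chosen to match the "+ 4" below (this example's assumption). */
static int salt_len_ok(size_t salt_len)
{
	return salt_len != 0 && salt_len <= SIZE_MAX - 4;
}

/*
 * Build salt || INT(count), the input to the first PBKDF2 HMAC round.
 * Returns 0 on success, -1 on a bad length or failed allocation.
 * The caller frees *out.
 */
static int build_asalt(const uint8_t *salt, size_t salt_len, uint32_t count,
    uint8_t **out, size_t *out_len)
{
	uint8_t *asalt;

	if (!salt_len_ok(salt_len))
		return -1;		/* rejected before any size arithmetic */
	if ((asalt = malloc(salt_len + 4)) == NULL)
		return -1;
	memcpy(asalt, salt, salt_len);
	asalt[salt_len + 0] = (count >> 24) & 0xff;	/* big-endian counter */
	asalt[salt_len + 1] = (count >> 16) & 0xff;
	asalt[salt_len + 2] = (count >> 8) & 0xff;
	asalt[salt_len + 3] = count & 0xff;
	*out = asalt;
	*out_len = salt_len + 4;
	return 0;
}
```
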