This queue is for tickets about the Crypt-Passwd-XS CPAN distribution.

Report information
The Basics
Id: 120317
Status: new
Priority: 0/
Queue: Crypt-Passwd-XS

People
Owner: Nobody in particular
Requestors: RURBAN [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: dynamic-stack-buffer-overflow in sha256/512
for empty salt, same as for des.c before

The strlen(salt) calculation is wrong with empty salts, and superfluous. salt_len already scanned the string for the ending $.

==50349==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0x7fff562b9a32 at pc 0x00010a3417a2 bp 0x7fff562b9930 sp 0x7fff562b90f0
READ of size 11 at 0x7fff562b9a32 thread T0
    #0 0x10a3417a1 in wrap_strlen (/opt/local/libexec/llvm-3.9/lib/libclang_rt.asan_osx_dynamic.dylib+0xf7a1)
    #1 0x10da78313 in cpx_sha512_crypt_r /Users/rurban/Perl/Crypt-Passwd-XS/sha512crypt.c:547:9
    #2 0x10da77306 in cpx_sha512_crypt /Users/rurban/Perl/Crypt-Passwd-XS/sha512crypt.c:644:10
    #3 0x10da8bc58 in _multi_crypt /Users/rurban/Perl/Crypt-Passwd-XS/XS.xs:49:20
    #4 0x10da8d370 in XS_Crypt__Passwd__XS_unix_sha512_crypt /Users/rurban/Perl/Crypt-Passwd-XS/XS.xs:110:18
    #5 0x109c5cf74 in Perl_pp_enterxssub (/usr/local/bin/cperl5.25.3d-nt-asan+0x100318f74)
    #6 0x109c56f2a in Perl_pp_entersub (/usr/local/bin/cperl5.25.3d-nt-asan+0x100312f2a)
    #7 0x109bad8e3 in Perl_runops_debug (/usr/local/bin/cperl5.25.3d-nt-asan+0x1002698e3)
    #8 0x1099e1a88 in perl_run (/usr/local/bin/cperl5.25.3d-nt-asan+0x10009da88)
    #9 0x109944fec (/usr/local/bin/cperl5.25.3d-nt-asan+0x100000fec)
    #10 0x7fff8171a5ac (/usr/lib/system/libdyld.dylib+0x35ac)

Fixed in https://github.com/rurban/Crypt-Passwd-XS

--
Reini Urban
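
The length handling the report argues for, as an added example that is not code from Crypt-Passwd-XS or from the ticket: the salt length is computed once by a scan that stops at `$` or NUL, and that value is carried forward instead of calling strlen() again. Assumptions: the helper names `salt_span` and `copy_salt` are hypothetical, the working copy of the salt is not NUL-terminated (the ticket does not show the code at sha512crypt.c:547), and the optional `rounds=N$` field is not parsed.

```c
#include <stddef.h>
#include <string.h>

#define SALT_LEN_MAX 16                 /* SHA-crypt salt limit */
static const char sha512_prefix[] = "$6$";

/* Hypothetical helper: find the salt inside a crypt(3) setting string
 * and return its length. The salt ends at the next '$' or at the NUL,
 * whichever comes first, and is capped at SALT_LEN_MAX. An empty salt
 * ("$6$$...") yields length 0 with no byte of salt to read. */
static size_t salt_span(const char *setting, const char **salt_out)
{
    const char *salt = setting;
    if (strncmp(salt, sha512_prefix, sizeof(sha512_prefix) - 1) == 0)
        salt += sizeof(sha512_prefix) - 1;
    size_t len = strcspn(salt, "$");    /* bounded by '$' or NUL */
    if (len > SALT_LEN_MAX)
        len = SALT_LEN_MAX;
    *salt_out = salt;
    return len;
}

/* Copy exactly `len` salt bytes into a caller buffer, with no
 * terminator (assumed layout of a digest routine's working copy).
 * After this point only the returned length describes the copy:
 * strlen(copy) would run past the buffer, and for an empty salt it
 * would start reading at a byte that was never written. */
static size_t copy_salt(const char *setting, unsigned char *copy, size_t cap)
{
    const char *salt;
    size_t len = salt_span(setting, &salt);
    if (len > cap)
        len = cap;
    if (len > 0)
        memcpy(copy, salt, len);
    return len;                         /* the only length to use later */
}
```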