Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 4 Nov 2021 15:53:12 +0100
From: Terefang Verigorn <>
Subject: possible buffer overflow in crypt() -- musl-1.2.2


crypt.h declares
struct crypt_data {
   int initialized;
   char __buf[256];

but crypt.c uses
static char buf[128];
return __crypt_r(key, salt, (struct crypt_data *)buf);

the buf[128] should be rather buf[sizeof(crypt_data)]


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.