Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 4 Nov 2021 12:13:14 -0400
From: Rich Felker <>
To: Terefang Verigorn <>
Subject: Re: possible buffer overflow in crypt() -- musl-1.2.2

On Thu, Nov 04, 2021 at 03:53:12PM +0100, Terefang Verigorn wrote:
> hello
> crypt.h declares
> ---
> struct crypt_data {
>    int initialized;
>    char __buf[256];
> };
> ---
> but crypt.c uses
> ---
> static char buf[128];
> return __crypt_r(key, salt, (struct crypt_data *)buf);
> ---
> the buf[128] should be rather buf[sizeof(crypt_data)]

Do you have reason to believe it needs more than 128 bytes? The
crypt_data struct has no inherent relation to what's needed; it was
just needed to provide a public ABI for the caller to have enough
(more than enough, for future-proofing or whatever) storage for the


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.