giorgiozoppi edited a comment on issue #9: SonarCube review.
URL: https://github.com/apache/incubator-milagro-crypto-c/issues/9#issuecomment-502471532

The solution of the three supposed vulnerabilities in Sonar can be done by:

```c
#include <stdio.h>  /* snprintf */

/* dst must have room for len + 1 bytes: up to len hex characters plus the terminator */
void OCT_toHex(octet *src, char *dst, size_t len)
{
    size_t i = 0;
    size_t j = 0;
    unsigned char ch;
    /* stop when src is exhausted or the next two hex digits would not fit in len */
    while ((i < (size_t)src->len) && (j + 2 <= len))
    {
        ch = src->val[i];
        /* size 3 = two hex digits plus the terminator snprintf appends */
        snprintf(&dst[j], 3, "%02x", ch);
        i++;
        j = i * 2;
    }
    dst[j] = 0;
}
```

But it needs changes to the interface and requires the use of snprintf, so mandatory use of C99 and possibly changes on the wrapper.
So I propose to keep the original OCT_toHex and declare it deprecated in the docs, and create void OCT_toHex_s(octet *src,char *dst, size_t len) using the above function and replace it where it is needed.
@kealan Are you OK with this?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

With regards,
Apache Git Services
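
A bounded hex encoder in the spirit of the OCT_toHex_s proposal above, as an added example that is not part of the original comment or of the project's code: it does not depend on snprintf and reports truncation through its return value. The name oct_to_hex_bounded, the stand-in octet struct, and the convention that dst_size counts the terminator are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the library's octet type so the example compiles alone (assumption). */
typedef struct {
    int len;    /* bytes in use */
    int max;    /* capacity of val */
    char *val;  /* byte buffer */
} octet;

/*
 * Hypothetical bounded encoder. dst_size is the full size of dst in bytes,
 * terminator included. Returns the number of hex characters a complete
 * encoding needs, so a result >= dst_size means the output was truncated.
 */
size_t oct_to_hex_bounded(const octet *src, char *dst, size_t dst_size)
{
    static const char digits[] = "0123456789abcdef";
    size_t n, i, j = 0;

    if (src == NULL || src->val == NULL || src->len < 0)
        n = 0;
    else
        n = (size_t)src->len;

    if (dst == NULL || dst_size == 0)
        return 2 * n;   /* nothing can be written, not even the terminator */

    /* Emit whole bytes only: two digits, always leaving room for the terminator. */
    for (i = 0; i < n && j + 2 < dst_size; i++) {
        unsigned char ch = (unsigned char)src->val[i];
        dst[j++] = digits[ch >> 4];
        dst[j++] = digits[ch & 0x0f];
    }
    dst[j] = '\0';
    return 2 * n;
}

int main(void)
{
    char bytes[] = { (char)0xde, (char)0xad, (char)0xbe, (char)0xef }; /* constructed sample */
    octet o = { 4, 4, bytes };
    char out[6];    /* deliberately too small: a full encoding needs 9 bytes */
    size_t need = oct_to_hex_bounded(&o, out, sizeof out);
    printf("%s: wrote %lu of %lu hex chars\n", out,
           (unsigned long)strlen(out), (unsigned long)need);
    return 0;
}
```

A caller treats a return value greater than or equal to the buffer size as truncation, the same check used with snprintf.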
