Bug#961429: RFS: cryptopass/1.0.0-1 [ITP] -- CLI utility for generating long, unguessable passwords.

2020-05-27 Thread Matthew Fernandez
> On May 27, 2020, at 08:15, Vasyl Gello wrote:
>
> Hi Matthew!
>
> Thanks for the continued review! You read my mind now?)
>
> >Now that I read the remainder of the main source file, I spotted a
> >completely separate issue, src/cryptopass.c:375-384 [1]:
> >
> > /* Clean up everything

Bug#961429: RFS: cryptopass/1.0.0-1 [ITP] -- CLI utility for generating long, unguessable passwords.

2020-05-27 Thread Vasyl Gello
Hi Matthew!

Thanks for the continued review! You read my mind now?)

>Now that I read the remainder of the main source file, I spotted a completely
>separate issue, src/cryptopass.c:375-384 [1]:
>
>/* Clean up everything */
>
>for (counter = 0; counter < 10; counter++) {
>

Bug#961429: RFS: cryptopass/1.0.0-1 [ITP] -- CLI utility for generating long, unguessable passwords.

2020-05-27 Thread Matthew Fernandez
> On May 26, 2020, at 23:46, Vasyl Gello wrote:
>
> Hi Matthew!
>
>> I would suggest adding one as well as fuzzing this code before exposing the
>> downstream public to it.
>
> Will fix the issues and add testsuite && fuzzcorp ASAP.
>
> BTW I fixed all the stuff GCC 8.3.0 reported me with

Bug#961429: RFS: cryptopass/1.0.0-1 [ITP] -- CLI utility for generating long, unguessable passwords.

2020-05-27 Thread Vasyl Gello
Hi Mattia!

>I just used the current default in Debian sid, which is GCC 9.
>
>You should be building your packages in a chroot (possibly using wrapper
>tools such as pbuilder or sbuild) to, as from what you said you aren't
>building them in sid.

I am building in chroot but targeting buster as

Bug#961429: RFS: cryptopass/1.0.0-1 [ITP] -- CLI utility for generating long, unguessable passwords.

2020-05-27 Thread Mattia Rizzolo
On Wed, May 27, 2020 at 06:46:42AM +, Vasyl Gello wrote:
> BTW I fixed all the stuff GCC 8.3.0 reported me with FORTIFY_SOURCE=2 before
> pushing code to GitHub.
> Did you use GCC 10?

I just used the current default in Debian sid, which is GCC 9.

You should be building your packages in a

Bug#961429: RFS: cryptopass/1.0.0-1 [ITP] -- CLI utility for generating long, unguessable passwords.

2020-05-27 Thread Vasyl Gello
Hi Matthew!

>This prompted me to take a quick look at the source. There are multiple
>trivially exploitable buffer overflows in this code. E.g.
>src/cryptopass.c:147-149 [0]:
>
>usernamelen = strlen(argv[1]);
>
>memcpy(username, argv[1], usernamelen);
>
>You could argue this program is

Bug#961429: RFS: cryptopass/1.0.0-1 [ITP] -- CLI utility for generating long, unguessable passwords.

2020-05-26 Thread Matthew Fernandez
> On May 26, 2020, at 15:10, Mattia Rizzolo wrote:
>
> * building the package shows this "scary" GCC warning:
> |In file included from /usr/include/string.h:495,
> | from cryptopass.c:19:
> |In function 'strncpy',
> |inlined from 'main' at cryptopass.c:200:9:
>

Bug#961429: RFS: cryptopass/1.0.0-1 [ITP] -- CLI utility for generating long, unguessable passwords.

2020-05-26 Thread Mattia Rizzolo
Control: owner -1 !
Control: tag -1 moreinfo

On Sun, May 24, 2020 at 02:22:42PM +, Vasyl Gello wrote:
> I am looking for a sponsor for my package "cryptopass" o/
> * Vcs : https://salsa.debian.org/basilgello-guest/cryptopass

I'm mostly looking at the VCS, but I'm not ignoring