Fix buffer overflow in write_chalresp_state() #167

Merged
merged 1 commit into from
Sep 13, 2018

rtfm3514

Buffer was defined as CR_SALT_SIZE = 32 but number of random bytes
was CR_CHALLENGE_SIZE = 63.

Bug was introduced with commit 0972986 and on my system has the nasty side effect of corrupting the state file. So, the FIRST authentication with a buggy version works fine but the SECOND or any subsequent one breaks. It took me forever to properly bisect that.

This might be related to or even fix issue #166 as I had the same error. I am running Arch so my software is pretty much the latest version available.

Please review and merge at your discretion.

Thanks a lot,
Björn Wiedenmann
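
The size mismatch described in this pull request, as an added illustration that is not the project's code or the merged patch: a write sized by `CR_CHALLENGE_SIZE` into storage sized by `CR_SALT_SIZE` spills into whatever sits next to it, while a length tied to the destination cannot. Only the two constants come from the thread; `fake_random`, `fill_random_checked`, `neighbour_bytes_clobbered` and `generate_salt` are hypothetical names, and the random source is a constructed stand-in.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CR_SALT_SIZE      32   /* sizes quoted in the pull request */
#define CR_CHALLENGE_SIZE 63

/* Constructed stand-in for a random source (hypothetical, not the project's). */
static int fake_random(unsigned char *dst, size_t len)
{
    memset(dst, 0xAA, len);
    return 0;
}

/* Bounded wrapper: refuses to write more than the destination holds. */
static int fill_random_checked(unsigned char *dst, size_t dst_size, size_t want)
{
    if (dst == NULL || want > dst_size)
        return -1;
    return fake_random(dst, want);
}

/* Models a 32-byte salt followed by 32 bytes of unrelated state in ONE array,
 * so the oversized write stays well-defined here. Returns how many of the
 * neighbouring bytes were overwritten, or (size_t)-1 if the model is exceeded. */
static size_t neighbour_bytes_clobbered(size_t requested)
{
    unsigned char region[CR_SALT_SIZE + 32];
    size_t i, hit = 0;
    if (requested > sizeof region)
        return (size_t)-1;
    memset(region, 0, sizeof region);
    fake_random(region, requested);   /* length not tied to the salt size */
    for (i = CR_SALT_SIZE; i < sizeof region; i++)
        hit += (region[i] != 0);
    return hit;
}

/* Corrected pattern: the length comes from the buffer's own size constant. */
static int generate_salt(unsigned char salt[CR_SALT_SIZE])
{
    return fill_random_checked(salt, CR_SALT_SIZE, CR_SALT_SIZE);
}

int main(void)
{
    unsigned char salt[CR_SALT_SIZE];
    printf("clobbered with 63-byte write: %zu\n", neighbour_bytes_clobbered(CR_CHALLENGE_SIZE));
    printf("checked 63-byte write: %d\n", fill_random_checked(salt, sizeof salt, CR_CHALLENGE_SIZE));
    printf("generate_salt: %d\n", generate_salt(salt));
    return 0;
}
```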

klali commented Sep 13, 2018

Thanks, merging.

@klali klali merged commit bef666a into Yubico:master Sep 13, 2018
@rtfm3514 rtfm3514 deleted the fix_buffer_salt_size branch November 29, 2019 22:26