Skip to content

crypt-(gensalt-)static: Do not overwrite the output buffer too early. #210

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

crypt-(gensalt-)static: Do not overwrite the output buffer too early. #210

wants to merge 1 commit into from

Conversation

besser82
Copy link
Owner

@besser82 besser82 commented Apr 11, 2025
edited
Loading

Allow passing a pointer returned by crypt(3) previously as the input for a subsequent call to crypt(3), adapt the manpage accordingly, and implement a simple testcase for such a scenario.

Also apply the same semantics to crypt_gensalt(3).

Fixes #209.

@besser82 besser82 requested a review from solardiz April 11, 2025 09:41
@besser82 besser82 self-assigned this Apr 11, 2025
@codecov Codecov
Copy link

codecov bot commented Apr 11, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 90.46%. Comparing base (e34e063) to head (962ad88).

Additional details and impacted files 
@@             Coverage Diff             @@
##           develop     #210      +/-   ##
===========================================
+ Coverage    90.44%   90.46%   +0.01%     
===========================================
  Files           36       36              
  Lines         3988     3995       +7     
  Branches       747      749       +2     
===========================================
+ Hits          3607     3614       +7     
  Misses         242      242              
  Partials       139      139

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@solardiz
Copy link
Collaborator

Thanks! I agree with the man page edits, but disagree with the code change. Let's not special-case this. There are other related cases to take care of as well: passing the previous return value as key rather than setting, and passing a pointer into the middle of a previous return value (e.g., skip over the original salt when chaining multiple hash types).

@solardiz
Copy link
Collaborator

To be clear, I do not mean to also special-case those other cases - rather, to develop a generic fix for all of these that would not need to check any conditions. Just don't overwrite the output buffer before reading both inputs, ever.

@besser82 besser82 force-pushed the topic/besser82/issue209 branch from 5ce25b7 to 88965a3 Compare April 12, 2025 11:04
@besser82
Copy link
Owner Author

To be clear, I do not mean to also special-case those other cases - rather, to develop a generic fix for all of these that would not need to check any conditions. Just don't overwrite the output buffer before reading both inputs, ever.

Should be addressed properly in the rebased commit.

@besser82 besser82 force-pushed the topic/besser82/issue209 branch from 88965a3 to a086c71 Compare April 12, 2025 13:56
@besser82 besser82 changed the title crypt-static: Do not clobber the output buffer too early. crypt-(gensalt-)static: Do not overwrite the output buffer too early. Apr 12, 2025
@besser82 besser82 force-pushed the topic/besser82/issue209 branch 3 times, most recently from bafeb9e to b1230ad Compare April 15, 2025 12:41
@besser82
crypt-(gensalt-)static: Do not overwrite the output buffer too early.
962ad88 
Allow passing a pointer returned by crypt(3) previously as the input
for a subsequent call to crypt(3), adapt the manpage accordingly,
and implement a simple testcase for such a scenario.

Also apply the same semantics to crypt_gensalt(3).

Fixes #209.
@besser82 besser82 force-pushed the topic/besser82/issue209 branch from b1230ad to 962ad88 Compare April 15, 2025 12:50
@besser82
Copy link
Owner Author

@solardiz Is everything okay with the changes now?

solardiz
solardiz approved these changes Apr 17, 2025
View reviewed changes
Copy link
Collaborator

@solardiz solardiz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The changes look OK to me now. However, I am concerned about a few related things (I'll write a separate comment).

@solardiz
Copy link
Collaborator

I'm sorry it took me a while to get to reviewing this again. It's hard for me to make time when I can concentrate on critical code reviews now.

I'm concerned that we're adding complexity to paper over prior code's shortcomings, but OTOH I understand that we care not only about risk of bugs in latest code, but about risk of bugs across all versions, and more code changes mean increasing the latter risk. That's an unfortunate tradeoff.

For brand new code, we'd probably postpone the make_failure_token calls until we reach an error path.

Please don't make any changes to address this comment yet. Let's discuss first, along with the additional concern I just brought up in #209. Maybe @ldv-alt would want to weigh in?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@solardiz solardiz solardiz approved these changes

Assignees

@besser82 besser82

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

crypt() overwrites its output buffer before reading arguments
2 participants
@besser82 @solardiz