RHEL-24835

libxcrypt - check snprintf for negative return values

    • Bug
    • Resolution: Unresolved
    • Normal
    • rhel-9.6
    • libxcrypt
    • sst_security_crypto
    • ssg_security
    • SanityOnly
    • Unspecified Release Note Type - Unknown

      What were you trying to do that didn't work?

      SAST found that the snprintf return value is sometimes just cast to size_t without checking for a possible negative value.

      Please provide the package NVR for which the bug is seen:

      libxcrypt-4.4.18-3.el9

      How reproducible:

      always

      Steps to reproduce

      1.  grep -R 'size_t.*snprintf' $(find -name '*.c')

      Expected results

      empty

      Actual results

      ./lib/crypt-gensalt.c:    written = (size_t) snprintf ((char *)output, output_size,
      ./lib/crypt-pbkdf1-sha1.c:  pl = (size_t)snprintf ((char *)output, out_size, "%s%lu$%.*s$",
      ./lib/crypt-sunmd5.c:  size_t written = (size_t) snprintf ((char *)output, o_size,
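      The pattern the finding points at, shown next to a checked form, as an added example that is not libxcrypt code: snprintf returns an int, and a negative return (an encoding or overflow error) cast straight to size_t becomes SIZE_MAX, which later length arithmetic then treats as a huge byte count. The functions unchecked_len, checked_len and format_setting, and the sample setting strings, are constructed here for illustration.

```c
/* Added example, not libxcrypt code: an unchecked (size_t) cast of the
 * snprintf return value beside a checked conversion. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The reported pattern: the int return value is cast to size_t before its
 * sign is examined.  A -1 becomes SIZE_MAX, so a later expression such as
 * "remaining = size - written" silently wraps. */
size_t unchecked_len(int rc)
{
  return (size_t) rc;
}

/* Checked conversion: reject a negative return (error) and a value that
 * does not fit the buffer (truncation) before treating rc as a length. */
bool checked_len(int rc, size_t bufsize, size_t *len)
{
  if (rc < 0)
    return false;              /* snprintf reported an error */
  if ((size_t) rc >= bufsize)
    return false;              /* output was truncated */
  *len = (size_t) rc;
  return true;
}

/* Hypothetical setting-string builder in the style of a crypt(3) backend:
 * writes "<prefix><rounds>$<salt>$" and returns its length, or -1. */
long format_setting(char *out, size_t out_size, const char *prefix,
                    unsigned long rounds, const char *salt)
{
  int rc = snprintf(out, out_size, "%s%lu$%s$", prefix, rounds, salt);
  size_t written;
  if (!checked_len(rc, out_size, &written))
    {
      if (out_size > 0)
        out[0] = '\0';         /* do not leave a partial setting behind */
      return -1;
    }
  return (long) written;
}

int main(void)
{
  char buf[32];
  printf("(size_t)-1 = %zu\n", unchecked_len(-1));   /* SIZE_MAX, not an error */
  printf("fits: %ld\n",
         format_setting(buf, sizeof buf, "$md5$", 5000UL, "abcdefgh"));
  printf("truncated: %ld\n",
         format_setting(buf, 8, "$md5$", 5000UL, "abcdefgh"));
  return 0;
}
```

      The truncation check is deliberately `>=`, not `>`: snprintf returns the length the full string would have had, so a return equal to the buffer size means the terminating NUL displaced the last character.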

            szidek@redhat.com Stanislav Zidek
            Alexander Sosedkin