Type: Bug
Resolution: Unresolved
Priority: Normal
Severity: Low
Sub-component: sst_security_crypto
Group: ssg_security
Release Note Type: Unspecified Release Note Type - Unknown
What were you trying to do that didn't work?
SAST found that the return value of snprintf is sometimes cast straight to size_t without first checking for a possible negative value (a negative return becomes a very large size_t).
Please provide the package NVR for which bug is seen:
libxcrypt-4.4.18-3.el9
How reproducible:
always
Steps to reproduce
- grep -R 'size_t.*snprintf' $(find . -name '*.c')
Expected results
empty
Actual results
./lib/crypt-gensalt.c: written = (size_t) snprintf ((char *)output, output_size,
./lib/crypt-pbkdf1-sha1.c: pl = (size_t)snprintf ((char *)output, out_size, "%s%lu$%.*s$",
./lib/crypt-sunmd5.c: size_t written = (size_t) snprintf ((char *)output, o_size,
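The following is an added illustration of the pattern the report describes, not code from libxcrypt: `unchecked_cast` shows what the bare `(size_t) snprintf(...)` cast does to a negative return, and `format_checked` is one way to perform the same formatting while rejecting both a negative (error) return and truncation before the value is ever used as a length. The function names, the buffer sizes and the format strings are constructed for the example.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The reported pattern: snprintf may return a negative value on an
 * encoding error, and casting it to size_t silently turns it into a
 * huge length (SIZE_MAX for -1). Anything that later uses that value
 * as a count of bytes written is operating on garbage. */
size_t unchecked_cast(int snprintf_rc)
{
    return (size_t) snprintf_rc;
}

/* Hardened variant (constructed for this example). Formats into out,
 * stores the number of bytes written (excluding the NUL) in *written,
 * and returns 0 on success or -1 if snprintf reported an error or the
 * output would not fit. On failure the buffer is left empty and
 * *written is 0, so a caller can never pick up a bogus length. */
int format_checked(char *out, size_t out_size, size_t *written,
                   const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int rc = vsnprintf(out, out_size, fmt, ap);
    va_end(ap);

    *written = 0;
    if (rc < 0) {
        /* encoding error: the negative value must not be cast */
        if (out_size > 0)
            out[0] = '\0';
        return -1;
    }
    if ((size_t) rc >= out_size) {
        /* rc is the length that *would* have been written: truncated */
        if (out_size > 0)
            out[0] = '\0';
        return -1;
    }
    *written = (size_t) rc;   /* only now is the cast safe */
    return 0;
}

int main(void)
{
    char buf[8];
    size_t n;

    printf("(size_t)-1 = %zu\n", unchecked_cast(-1));

    if (format_checked(buf, sizeof buf, &n, "%s$%lu$", "ab", 5UL) == 0)
        printf("ok: \"%s\" (%zu bytes)\n", buf, n);

    if (format_checked(buf, 4, &n, "%s$%lu$", "ab", 5UL) != 0)
        printf("rejected: output would not fit in 4 bytes\n");
    return 0;
}
```

The check `rc >= out_size` matters as much as `rc < 0`: snprintf returns the length the full string would have had, so a large positive value is also not a count of bytes actually stored. A portable test cannot easily force the negative path, so the example exercises the cast directly and the truncation path through `format_checked`.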