Slice bounds panic in radius.NewUserPassword #115
Comments
Please provide a reproducible example. |
This program reproduces the panic:

```go
package main

import (
	"layeh.com/radius"
	"layeh.com/radius/rfc2865"
)

func main() {
	packet := radius.New(radius.CodeAccessRequest, []byte("secret"))
	password := make([]byte, 0, 16) // capacity is 16
	password = append(password, "password"...)
	rfc2865.UserPassword_Set(packet, password) // no panic

	packet = radius.New(radius.CodeAccessRequest, []byte("secret"))
	password = make([]byte, 0, 15) // capacity less than 16
	password = append(password, "password"...)
	rfc2865.UserPassword_Set(packet, password) // panic
}
```

With the following backtrace:
EDIT: Fixed code block above to include panic message |
Just an interesting note, we have been using this package for a while and only recently ran into this when testing with Go's development branch. A new optimization to avoid copies when converting between In other words, this optimization in Go unearths a long-standing bug present in |
Thank you. The issue should be fixed in 6c2c615. |
This code in NewUserPassword will panic if cap(plaintext) < 16:

There is similar code in UserPassword as well.
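The failure mode reported in this issue, as an added example that is not the layeh.com/radius code: reslicing a caller's buffer up to the 16-octet block size used by RFC 2865 User-Password hiding panics when the capacity is smaller, and picks up stale backing-array bytes when it is larger, while copying into a fresh zeroed block does neither. The function names and sample inputs are hypothetical and constructed for illustration.

```go
package main

import "fmt"

// RFC 2865 hides User-Password in 16-octet blocks, padding with zero bytes.
const blockSize = 16

// firstBlockReslice (hypothetical) widens the caller's slice to one block by
// reslicing. Reslicing past len is only legal up to cap, so it panics when
// cap(plaintext) < 16 and otherwise exposes whatever follows in the backing array.
func firstBlockReslice(plaintext []byte) []byte {
	return plaintext[:blockSize]
}

// firstBlockCopy (hypothetical) copies into a fresh zeroed block, so the
// result depends only on the bytes in plaintext[:len(plaintext)].
func firstBlockCopy(plaintext []byte) []byte {
	block := make([]byte, blockSize)
	copy(block, plaintext)
	return block
}

// tryReslice turns the runtime panic into an error so both cases can be shown.
func tryReslice(plaintext []byte) (block []byte, err error) {
	defer func() {
		if r := recover(); r != nil {
			block, err = nil, fmt.Errorf("recovered: %v", r)
		}
	}()
	return firstBlockReslice(plaintext), nil
}

func main() {
	small := append(make([]byte, 0, 15), "password"...) // constructed input, cap 15
	_, err := tryReslice(small)
	fmt.Println("cap 15, reslice:", err)
	fmt.Printf("cap 15, copy:    %q\n", firstBlockCopy(small))

	backing := []byte("passwordSTALE-BYTES!") // constructed: a reused buffer
	shared := backing[:8]                     // len 8, cap >= 20
	block, _ := tryReslice(shared)
	fmt.Printf("reused, reslice: %q\n", block)
	fmt.Printf("reused, copy:    %q\n", firstBlockCopy(shared))
}
```
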