E.g. when having a digitcount of 6 and when the key is "025341", this will be 25341 as an integer. However the conversion from int to string does not care about the digitcount:
This will result in two different strings being compared: "25341" and "025341". I suggest comparing the integer keys instead of the strings. Another issue is that digitcount may never be larger than 7, since `key_str` is allocated with a fixed size. This should be DIGITCOUNT+1 everywhere. So every `calloc(8, sizeof(char));` is potentially wrong within this library.
feliwir changed the title from "totpverifyi doesn't take digit count into account" to "totp_verifyi doesn't take digit count into account" on Jun 2, 2022
Yeah this must be where tests are failing. Currently the library was only made to support 6 digit codes. However, your solution to not compare it as a string is wrong. The 0 lacking in the string is a major flaw and is potentially breaking tests, too. 012345 is different than 12345 so I am going to propose I remove the integer checks.
This issue is explained in #11 and will be referenced from there, as this is more or less a duplicate. There is also nothing wrong with `calloc(8, ...)` as it's well defined, as the output is expected and handled. Although, there are issues with the source of it instead.
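The mismatch discussed in this thread, as an added example that is not part of the thread or of the library's code: it renders an integer code as a zero-padded string whose length and buffer size both follow the digit count, then compares it to the submitted string. The names `otp_to_string` and `otp_matches` are hypothetical, and the cap of 9 digits is an assumption that comes from holding the code in a `uint32_t`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not the library's API: render `code` as exactly
 * `digits` decimal characters, zero-padded on the left. The buffer is
 * sized digits + 1 rather than a fixed 8. Caller frees; NULL on error. */
char *otp_to_string(uint32_t code, unsigned digits)
{
    if (digits == 0 || digits > 9)      /* uint32_t holds 9 full digits */
        return NULL;
    uint32_t mod = 1;
    for (unsigned i = 0; i < digits; i++)
        mod *= 10;
    if (code >= mod)                    /* code does not fit in `digits` */
        return NULL;
    char *out = calloc(digits + 1, sizeof(char));
    if (out == NULL)
        return NULL;
    snprintf(out, digits + 1, "%0*lu", (int)digits, (unsigned long)code);
    return out;
}

/* Returns 1 when `user` is exactly `digits` characters long and equals
 * the zero-padded rendering of `expected`, 0 otherwise. The loop does
 * not exit early on the first differing character. */
int otp_matches(const char *user, uint32_t expected, unsigned digits)
{
    char *want = otp_to_string(expected, digits);
    if (want == NULL || user == NULL || strlen(user) != digits) {
        free(want);
        return 0;
    }
    unsigned char diff = 0;
    for (unsigned i = 0; i < digits; i++)
        diff |= (unsigned char)(user[i] ^ want[i]);
    free(want);
    return diff == 0;
}

int main(void)
{
    char naive[16];                     /* unpadded conversion from the issue */
    snprintf(naive, sizeof naive, "%u", 25341u);
    printf("unpadded \"%s\" == \"025341\": %d\n", naive, strcmp(naive, "025341") == 0);
    printf("padded, 6 digits: %d\n", otp_matches("025341", 25341, 6));
    printf("padded, 8 digits: %d\n", otp_matches("00025341", 25341, 8));
    return 0;
}
```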