Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Problem in extracting salt #141

Closed
viennadd opened this issue Jan 9, 2017 · 1 comment
Closed

Problem in extracting salt #141

viennadd opened this issue Jan 9, 2017 · 1 comment
Labels
bug scope:core
Milestone
2.93

Comments

@viennadd
Copy link

viennadd commented Jan 9, 2017

need a look,

In function tr_ssha1_matches, in line 165 ,if sourcelen equals 2 * SHA_DIGEST_LENGTH - 1,

then

 if (sourcelen < 2 * SHA_DIGEST_LENGTH - 1)    // this will take false block
    return false;
  saltlen = sourcelen - 2 * SHA_DIGEST_LENGTH - 1;     // sourcelen == 2 * SHA_DIGEST_LENGTH - 1, then saltlen should be assigned 0;
  salt = tr_malloc (saltlen);       // malloc(0), then salt = NULL
  memcpy (salt, ssha1 + 2 * SHA_DIGEST_LENGTH + 1, saltlen);   // <== pass invalid null pointer into memcpy,

I think most of memcpy implementations would do nothing if len argument is 0, but passing null pointer into is an undefined behaviour, may be you could take a look and see if there are any problems
@mikedld mikedld closed this as completed in 3375b22 Jan 9, 2017
@mikedld
Copy link
Member

mikedld commented Jan 9, 2017

Thanks!

cfpp2p pushed a commit to cfpp2p/transmission that referenced this issue Jan 10, 2017
Fixed: Problem in extracting salt
9f10766 
transmission/transmission#141
cfpp2p pushed a commit to cfpp2p/transmission that referenced this issue Jan 10, 2017
Fixed: Problem in extracting salt
d6a0e05 
transmission/transmission#141
@mikedld mikedld modified the milestone: 3.00 Jul 4, 2017
@mikedld mikedld modified the milestones: 3.00, 2.93 Jan 16, 2018
mikedld added a commit that referenced this issue Jan 16, 2018
@mikedld
Simplify tr_ssha1_matches logic
c22e687 
Gets rid of needless heap memory allocations and copying. Convert SHA1 hash
to hex in-place.

Fixes: #141
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug scope:core
Milestone
2.93
Development

No branches or pull requests
2 participants
@mikedld @viennadd