Comments (2)
In addition, strlen of these unterminated strings is used as a length argument to memcpy, resulting in buffer overflows.
from c_otp.
Hi,
first, thanks for opening this issue and you're right, that's a te|ho(rrible) bug.
I already started working on it and fixing the evident memory leak(s) you
mentioned.
I have to admit I found several memory leaks and I tried to fix everything
with the next change, trying to avoid abusing heap and variable
allocation and simplifying the code base as well.
In the next patch I'm going to submit you will find several fixes and some
enhancements like:
- file descriptor not closed;
- memory not properly freed, rework of split_str function;
- use of signal handling to properly free the in-use memory when -s opt
is passed and SIGINT is received;
- printing function enhancement to support the very basic JSON-like output
(and properly document it)
The issue of split_str was already fixed in the gpg branch, but tbh I had no
time to finish it, test and think about merging that feature in master; then,
master wasn't stable enough and the issue you've found is a great example
of that.
Something about testing
Here [1] is a simple output related to some testing performed after producing
the fixes described above (run with the following command):
>> valgrind -s --tool=memcheck --leak-check=full --leak-resolution=high \
--show-leak-kinds=all --show-reachable=yes ./c_otp -f providerrc.sample -m 1 -s
Feel free to take a look, comment or chime in (and drive me) if you have ideas to optimize the code base or produce fixes for both style and features.
And again, thanks a lot for pointing me to this bug.
[1] https://pastebin.com/DpKQiVEF
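The bug class reported in this thread (a token that is never NUL-terminated, then measured with strlen to size a memcpy) next to one bounded way to split such a record, as an added example that is not c_otp's code. The helper copy_token, the demo functions and the sample record are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not c_otp's split_str): copy the token that starts at
 * src and ends at delim, or at the end of the src_len bytes, into dst.
 * Returns the token length, or -1 if it cannot fit with its terminator. */
static long copy_token(char *dst, size_t dst_sz,
                       const char *src, size_t src_len, char delim)
{
    if (dst == NULL || src == NULL || dst_sz == 0)
        return -1;
    /* Bounded search: unlike strlen(), never reads past src + src_len. */
    const char *end = memchr(src, delim, src_len);
    size_t tok_len = end ? (size_t)(end - src) : src_len;
    /* An embedded NUL also ends the token. */
    const char *nul = memchr(src, '\0', tok_len);
    if (nul != NULL)
        tok_len = (size_t)(nul - src);
    if (tok_len >= dst_sz)      /* no room for token plus terminator */
        return -1;
    memcpy(dst, src, tok_len);  /* length comes from the bounded search */
    dst[tok_len] = '\0';        /* terminate what later code will strlen() */
    return (long)tok_len;
}

/* Constructed sample record "acme:JBSWY3DP" stored WITHOUT a trailing NUL,
 * the case in which strlen() on it would run past the buffer. */
static const char sample[13] = {'a','c','m','e',':','J','B','S','W','Y','3','D','P'};

static long demo_provider(char *out, size_t out_sz)
{
    return copy_token(out, out_sz, sample, sizeof sample, ':');
}

static long demo_secret(char *out, size_t out_sz)
{
    /* Skip the 5 bytes of "acme:"; the rest has neither delimiter nor NUL. */
    return copy_token(out, out_sz, sample + 5, sizeof sample - 5, ':');
}

int main(void)
{
    char provider[16], secret[16], tiny[4];
    printf("%ld %ld %ld\n", demo_provider(provider, sizeof provider),
           demo_secret(secret, sizeof secret), demo_provider(tiny, sizeof tiny));
    printf("%s %s\n", provider, secret);
    return 0;
}
```

Building this with -fsanitize=address, or running it under the valgrind command quoted in the reply, is a quick way to confirm no read or write leaves the 13-byte record.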