pabuhler
commented
4 years ago Thanks for pointing this out, will you submit a PR ?
Closed ThomasDThomsen closed 4 years ago
pabuhler
commented
4 years ago Thanks for pointing this out, will you submit a PR ?
ThomasDThomsen
commented
4 years ago Sure I can do this! However, if try to push my bugfix branch I get: ~/git/github/libsrtp (bugfix-499) $ git push --set-upstream origin bugfix-499 Enter passphrase for key '/home/qtc387/.ssh/id_rsa': ERROR: Permission to cisco/libsrtp.git denied to ThomasDThomsen. fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.
pabuhler
commented
4 years ago you can not create a branch directly in the cisco/libsrtp repo, normal way is to create a branch in your own fork on github and then create a PR from that branch
https://github.com/cisco/libsrtp/blob/44144b88ac41c1dff227daa3398bc0bb6ae2ee5c/crypto/math/datatypes.c#L107
In case the length is MAX_PRINT_STRING_LEN/2, this will make that the if statement does not come into effect, and that the resulting length will be MAX_PRINT_STRING_LEN. This will result in the null termination in line 107 to write outside the array bit_string[MAX_PRINT_STRING_LEN].
This issue was found by the Fortify SCA tool.