Specifically, the functions encrypt_write_key and decrypt_write_key call pad (here and here), but pad uses a non-exhaustive case over the length of the input string.
This crashes all tasks that call either of these functions:
$ rebar3 hex user auth
[… output truncated]
Generating all keys...
===> Uncaught error in rebar_core. Run with DIAGNOSTIC=1 to see stacktrace or consult rebar3.crashdump
===> When submitting a bug report, please include the output of `rebar3 report "your command"`
A simple workaround is of course to use only local passwords up to 32 characters in size (passwords for hex.pm are not affected by this problem), but the nondescript error and stacktrace make this limitation not obvious.
The stacktrace from the crash, mainly so that other people hitting this problem have an easier time finding the workaround:
Specifically, the functions
encrypt_write_key
anddecrypt_write_key
callpad
(here and here), but pad uses a non-exhaustive case over the length of the input string.This crashes all tasks that call either of these functions:
A simple workaround is of course to use only local passwords up to 32 characters in size (passwords for hex.pm are not affected by this problem), but the nondescript error and stacktrace make this limitation not obvious.
The stacktrace from the crash, mainly so that other people hitting this problem have an easier time finding the workaround: