google / google-authenticator-libpam

Apache License 2.0

Set variable 'buffer' in base32_decode to unsigned integer type #235

Closed MuggleWei closed 10 months ago

MuggleWei commented 10 months ago

In base32_decode, the variable 'buffer' is a signed integer, which may lead to undefined behavior when it is the left operand.

E.g., compile and link with -fsanitize=undefined, and run the test below:

const char *b32_key = "PFXWQZLMNRXXO33SNRSA";
unsigned char key[64];
base32_decode((uint8_t*)b32_key, key, sizeof(key));

The output is:

runtime error: left shift of 509336089 by 5 places cannot be represented in type 'int'
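The report above can be reproduced arithmetically without executing the undefined shift. The following is an added example, not code from this pull request or from the project: it replays a never-masked accumulator in 64 bits to find the first shift that does not fit a 32-bit `int`, next to a decoder that uses an unsigned accumulator. The function names are hypothetical, a 32-bit `int` is assumed, and the decoder is a simplified stand-in that accepts only base32 letters and the digits 2 to 7.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Map one base32 character to its 5-bit value, or -1 if it is not valid. */
static int b32_digit(uint8_t ch) {
  if ((ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z')) return (ch & 0x1F) - 1;
  if (ch >= '2' && ch <= '7') return ch - '2' + 26;
  return -1;
}

/* Decoder with an unsigned accumulator: the left shift wraps modulo 2^32,
   which is defined, and only the low bits_left bits are ever read back. */
int demo_base32_decode(const char *in, uint8_t *out, int out_size) {
  uint32_t buffer = 0;
  int bits_left = 0, count = 0;
  for (; count < out_size && *in; ++in) {
    int d = b32_digit((uint8_t)*in);
    if (d < 0) return -1;
    buffer = (buffer << 5) | (uint32_t)d;
    bits_left += 5;
    if (bits_left >= 8) {
      out[count++] = (uint8_t)(buffer >> (bits_left - 8));
      bits_left -= 8;
    }
  }
  return count;
}

/* Replay the accumulator in 64 bits. Returns the index of the first character
   at which `buffer << 5` would not fit a 32-bit int (the shift UBSan flags) and
   stores the accumulator in *value; returns -1 if none or on invalid input. */
int first_signed_overflow(const char *in, int64_t *value) {
  int64_t acc = 0;
  for (int i = 0; in[i]; ++i) {
    int d = b32_digit((uint8_t)in[i]);
    if (d < 0) return -1;
    if (acc > (INT32_MAX >> 5)) { *value = acc; return i; }
    acc = (acc << 5) | d;
  }
  return -1;
}

int main(void) {
  const char *key = "PFXWQZLMNRXXO33SNRSA"; /* input from the PR description */
  uint8_t out[64];
  int64_t v = 0;
  int idx = first_signed_overflow(key, &v);
  int n = demo_base32_decode(key, out, (int)sizeof(out));
  printf("overflow at char %d (value %lld); decoded %d bytes\n", idx, (long long)v, n);
  return 0;
}
```

Six characters already fill 30 bits, so any input of seven or more base32 characters whose accumulated value exceeds `INT32_MAX >> 5` reaches the flagged shift.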

google-cla[bot] commented 10 months ago

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

ThomasHabets commented 10 months ago

Thanks!