set variable 'buffer' that in base32_decode to unsigned integer type

google / google-authenticator-libpam

Apache License 2.0

1.8k stars 286 forks source link

set variable 'buffer' that in base32_decode to unsigned integer type #235

Closed MuggleWei closed 1 year ago

MuggleWei commented 1 year ago

In base32_decode, variable 'buffer' is signed integer may lead undefined behavior when left operand.

e.g. compile and link with -fsanitize=undefined, and run test below:

const char *b32_key = "PFXWQZLMNRXXO33SNRSA";
unsigned char key[64];
base32_decode((uint8_t*)b32_key, key, sizeof(key));

get output:

runtime error: left shift of 509336089 by 5 places cannot be represented in type 'int'

google-cla[bot] commented 1 year ago

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

ThomasHabets commented 1 year ago

Thanks!