mkj
commented
2 months ago Putting if (c < 0) printf at line 91 I can reproduce it, though I couldn't get ubsan to catch it. It certainly looks like undefined behaviour, I'll figure how to fix that.
The curve25519 implementation is from tweetnacl, I'm surprised the problem hasn't been reported elsewhere (that I can find).
To reproduce this, build curve25519.c with -fsanitize=undefined. gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.2)
Run the dropbear server from the command line. Connect to the dropbear server. The message is printed on the console.