open-quantum-safe / liboqs

C library for prototyping and experimenting with quantum-resistant cryptography
https://openquantumsafe.org/

overflow in tests/example_sig_stfl.c #1886

Closed wangweij closed 3 months ago

wangweij commented 3 months ago

Describe the bug

    sk_fname = malloc(strlen(method_name) + strlen(".sk"));
    ....
    strcpy(sk_fname, method_name);
    strcat(sk_fname, ".sk");

Here, the size of sk_fname is only enough to contain method_name and ".sk" but not the zero at the end of ".sk".

To Reproduce

This is a coding error.

Suggested Fix

-   sk_fname = malloc(strlen(method_name) + strlen(".sk"));
+   sk_fname = malloc(strlen(method_name) + strlen(".sk") + 1);
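
Review bot: The bare `+ 1` on the added malloc line carries no hint that it is the byte for the terminating NUL, so it is easy to drop again in a later cleanup. Consider `strlen(method_name) + sizeof(".sk")`, since sizeof on the string literal already counts the terminator, or add a short comment on that line. The lines between the allocation and the strcpy are not shown in the report, so it is also worth confirming that sk_fname is checked for NULL before it is written to.
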
SWilson4 commented 3 months ago

Thanks for the report! Created #1887 to fix.
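
The off-by-one reported in this issue, next to a bounded way to build the same filename, as an added example that is not code from liboqs or from either commenter. The helper names (`fname_size_needed`, `fname_size_reported`, `make_key_fname`) and the sample method name are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes the buffer must hold: both strings plus the terminating NUL.
 * Returns 0 if the sum would overflow size_t. */
size_t fname_size_needed(const char *method_name, const char *suffix) {
    size_t a = strlen(method_name), b = strlen(suffix);
    if (a > SIZE_MAX - b - 1) {
        return 0;
    }
    return a + b + 1;
}

/* Size the allocation quoted in the issue requested (no room for the NUL). */
size_t fname_size_reported(const char *method_name, const char *suffix) {
    return strlen(method_name) + strlen(suffix);
}

/* Hypothetical helper: returns a heap-allocated "<method_name><suffix>",
 * or NULL on bad input, size overflow or allocation failure. Caller frees. */
char *make_key_fname(const char *method_name, const char *suffix) {
    if (method_name == NULL || suffix == NULL) return NULL;
    size_t need = fname_size_needed(method_name, suffix);
    if (need == 0) return NULL;
    char *out = malloc(need);
    if (out == NULL) return NULL;
    /* snprintf never writes past `need` bytes and always NUL-terminates. */
    int n = snprintf(out, need, "%s%s", method_name, suffix);
    if (n < 0 || (size_t)n != need - 1) { /* truncated or failed */
        free(out);
        return NULL;
    }
    return out;
}

int main(void) {
    const char *method = "XMSS-SHA2_10_256"; /* constructed sample name */
    char *sk_fname = make_key_fname(method, ".sk");
    if (sk_fname == NULL) return 1;
    printf("%s: reported size %zu, needed %zu\n", sk_fname,
           fname_size_reported(method, ".sk"), fname_size_needed(method, ".sk"));
    free(sk_fname);
    return 0;
}
```

Building the test with `-fsanitize=address` makes the one-byte heap write in the original strcpy/strcat sequence show up as a heap-buffer-overflow report at run time.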