search

otrv4 / libotr-ng

A new implementation of OTR with support for version 4. This is a mirror of https://bugs.otr.im/otrv4/libotr-ng
Other
43 stars 9 forks source link

Small snprintf error in otrng_fingerprint_hash_to_human #205

Closed lnsndn closed 5 years ago

lnsndn commented 5 years ago

Hello! This is a very minor error that has no impact right now but is worth pointing out anyway. A friend and I spotted it while we were browsing through the code for fun.

In this snippet from https://github.com/otrv4/libotr-ng/blob/master/src/fingerprint.c#L41:

if (snprintf(p, OTRNG_FPRINT_HUMAN_LEN, "%02X",
  (unsigned int)hash[word * 4 + byte]) < 0) {
   return OTRNG_ERROR;
}
p += 2;

The second parameter to snprintf is the max size to be written for each loop, which in this case should be 3 (p including the terminating null character), not OTRNG_FPRINT_HUMAN_LEN (126). As I said, it happens to work now, but if someone ever modifies the function there could be some overwrite errors, or at least a bit of headache around why tests fail before they spot the issue.

Would you like me to open a PR or what is your preference?

claucece commented 5 years ago

Hi, @lnsndn !

Thanks so much for this!

Would you like me to open a PR or what is your preference?

We will love a PR, so go ahead ;)

Thanks!

claucece commented 5 years ago

Fixed by PR. Thanks!