...
| Code Block | ||
|---|---|---|
| ||
#include <stdio.h> #include <ctype.h> #include <string.h> enum {max_user = 1024}; enum {max_password = 10}; /* sizeof("password\n\0") */ char const *valid_user = "user"; char const *valid_password = "password"; int do_auth(void) { char* username[max_user]; char* password[max_password]; puts("Please enter your username: "); if (fgets(username, sizeof( username), stdin) == NULL) { /* handle error */ } /* trim off ws at end, including newline */ while (strlen(username) > 0 && isspace( username[ strlen(username) - 1])) { username[ strlen(username) - 1] = '\0'; } puts("Please enter your password: "); if (fgets(password, sizeof( password), stdin) == NULL) { /* handle error */ } /* trim off ws at end, including newline */ while (strlen(password) > 0 && isspace( password[ strlen(password) - 1])) { password[ strlen(password) - 1] = '\0'; } if (!strcmp(username, valid_user) && !strcmp(password, valid_password)) { return 0; } return -1; } Get username and password from user, return -1 if invalid */ } void report_error(char const *msg) { char const *error_log; char buffer[24]; sprintf(buffer, "Error: %s", error_log); printf("%s\n", buffer); } int main(void) { if (do_auth() == -1) { report_error("Unable to login"); } return 0; } |
...
VU#925211 in the OpenSSL package for Debian Linux, and other distributions derived from Debian, is said to reference unitialized memory. One might say that unitialized memory caused the vulnerability, but not directly. The original OpenSSL code utilized uninitialized memory as an additional source of randomness to an already-randomly-generated key. This generated good keys, but caused the code-auditing tools Valgrind and Purify to issue warnings. Debian tried to fix the warnings with two changes. One actually eliminated eliminated the unitialized memory access, but the other weakened the randomness of the keys.
...