View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0009950 | Taler | qtart | public | 2025-05-13 13:51 | 2025-05-15 15:49 |
| Reporter | fefe | Assigned To | avalos | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | resolved | Resolution | fixed | ||
| Product Version | git (master) | ||||
| Target Version | 1.0 stretch goals | ||||
| Summary | 0009950: unchecked malloc can lead to crash | ||||
| Description | In tart_module.c: 510 hash = malloc(hash_len); 511 512 if (crypto_pwhash(hash, 513 hash_len, 514 (const char*) pw, 515 pw_len, 516 salt, 517 iters, 518 mem_size * 1024, 519 crypto_pwhash_ALG_ARGON2ID13) != 0) { malloc can fail and return NULL, and crypto_pwhash does not check if hash is NULL before writing to it. | ||||
| Tags | security | ||||
|
|
commit 991116d47edc8cd3a71d658f57104c92d03baeee Author: Iván Ávalos <avalos@disroot.org> Date: Thu May 15 15:48:11 2025 +0200 fix unchecked malloc bug 0009950 |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2025-05-13 13:51 | fefe | New Issue | |
| 2025-05-13 14:39 | Christian Grothoff | Assigned To | => avalos |
| 2025-05-13 14:39 | Christian Grothoff | Status | new => assigned |
| 2025-05-15 13:39 | Christian Grothoff | Tag Attached: security | |
| 2025-05-15 13:41 | Christian Grothoff | Target Version | => 1.0 stretch goals |
| 2025-05-15 15:48 | avalos | Note Added: 0024918 | |
| 2025-05-15 15:49 | avalos | Status | assigned => resolved |
| 2025-05-15 15:49 | avalos | Resolution | open => fixed |
