Apart from the issues addressed by the currently unmerged PR #5, I found an undefined behavior issue in pointer-struct.c which might cause the program to reject valid input.
The issue is that the gen_password() function allocates and initializes a string to hold the generated password, but it does not add a null terminator:
int gen_password(struct userinfo* info){
int count = strlen(info->username);
int x = 0;
char * pass = malloc(count);
for(x = 0; x < count; x++){
pass[x] = ((char)info->username[x] + (char)info->key)^ (char)info->realKey;
pass[x] = pass[x] - 0x13;
}
info->password = pass;
return 0;
}The main() function then calls strlen() on that string, which is undefined behavior due to the string not being null-terminated:
for(pwordLen = 0; pwordLen < strlen(info.password);pwordLen++ ){This might cause the loop to iterate too many times, breaking the logic.
edit: Session 3's files binary suffers from the same issue. However, the source code for it, file.c, was fixed in this commit, so the binary just needs to be rebuilt.
Apart from the issues addressed by the currently unmerged PR #5, I found an undefined behavior issue in
pointer-struct.cwhich might cause the program to reject valid input.The issue is that the
gen_password()function allocates and initializes a string to hold the generated password, but it does not add a null terminator:The
main()function then callsstrlen()on that string, which is undefined behavior due to the string not being null-terminated:This might cause the loop to iterate too many times, breaking the logic.
edit: Session 3's
filesbinary suffers from the same issue. However, the source code for it,file.c, was fixed in this commit, so the binary just needs to be rebuilt.