Posted to dev@milagro.apache.org by GitBox <gi...@apache.org> on 2019/06/16 17:46:42 UTC

[GitHub] [incubator-milagro-crypto-c] giorgiozoppi edited a comment on issue #9: SonarCube review.

giorgiozoppi edited a comment on issue #9: SonarCube review.
URL: https://github.com/apache/incubator-milagro-crypto-c/issues/9#issuecomment-502471532
 
 
   The three supposed vulnerabilities in Sonar can be solved by:
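   #include <stdio.h>   /* snprintf (C99) */

   void OCT_toHex(octet *src,char *dst, size_t len)
   {
       size_t i = 0;
       unsigned char ch;
       /* len is taken to be the size of dst in bytes */
       if (len == 0) return;   /* no room even for the terminator */
       /* continue only while two hex digits and the NUL still fit */
       while ((i < (size_t)src->len) && (i*2 + 3 <= len))
       {
         ch=src->val[i];
         /* bound each write by the space remaining, not the total size */
         snprintf(&dst[i*2],len - i*2, "%02x", ch);
         i++;
       }
       dst[i*2] =0;            /* terminate inside the buffer */
   }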
   But it changes the interface and requires the use of snprintf, so it makes C99 mandatory and possibly requires changes to the wrapper.
   So I propose to keep the original OCT_toHex and declare it deprecated in the docs, and create
   void OCT_toHex_s(octet *src,char *dst, size_t len) using the above function and replace it where it is needed.
   Are you OK with this?
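
The comment above raises the C99 dependency that snprintf brings. As an added example (not part of the original comment or of the Milagro code base), here is a length-bounded hex encoder that uses a digit table instead and reports the size a full encoding needs, so a caller can detect truncation. The `octet` struct is a stand-in assumed from the fields used above, and `oct_to_hex_bounded` and its return convention are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the library's octet type (assumption: len and val as used
   in the comment above; max is the capacity of val). */
typedef struct {
    int len;
    int max;
    char *val;
} octet;

/* Hypothetical helper. Writes at most dst_size bytes to dst, always
   NUL-terminates when dst_size > 0, and returns the number of bytes a
   complete encoding needs (2*len + 1). A return value larger than
   dst_size means the output was truncated. */
size_t oct_to_hex_bounded(const octet *src, char *dst, size_t dst_size)
{
    static const char digits[] = "0123456789abcdef";
    size_t n = 0, i, needed;

    if (src != NULL && src->val != NULL && src->len > 0)
        n = (size_t)src->len;
    needed = 2 * n + 1;

    if (dst == NULL || dst_size == 0)
        return needed;              /* size query only, nothing written */

    /* Emit whole bytes only: two digits plus the terminator must fit. */
    for (i = 0; i < n && 2 * i + 3 <= dst_size; i++) {
        unsigned char ch = (unsigned char)src->val[i];
        dst[2 * i]     = digits[ch >> 4];
        dst[2 * i + 1] = digits[ch & 0x0f];
    }
    dst[2 * i] = '\0';              /* index is always < dst_size here */
    return needed;
}

int main(void)
{
    char raw[] = { (char)0xde, (char)0xad, (char)0xbe, (char)0xef }; /* constructed sample */
    octet o = { 4, 4, raw };
    char small[6];
    size_t need = oct_to_hex_bounded(&o, small, sizeof small);
    printf("%s (needed %lu, had %lu)\n", small,
           (unsigned long)need, (unsigned long)sizeof small);
    return 0;
}
```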
    
   
   
   
