Security flaw, access of freed memory #185

Open
grantila opened this issue Nov 27, 2018 · 0 comments
First of all, I don't use this package so I won't participate further, just want to let you know.

While investigating a bit of the event-stream "issue", I found that the guy who stole bitcoin wallets for a few months had a "fork" (non-GitHub fork) of node-scrypt and made a change to unsafe code in this package.

scrypt_common.cc:

```cpp
std::string scrypt_err_description = InternalErrorDescr(base_error);
...
return scrypt_err_description.c_str();
```

You're returning a pointer to freed memory. Or rather, to potentially freed memory. std::string has a lot of different and clever implementations of re-using memory, so having references to data which "look" freed is not just entirely broken, but a security issue. It could potentially be exploited to execute arbitrary code (e.g. if a string can overwrite what will eventually end up in a system call).
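The pattern reported above next to two lifetime-safe alternatives, as an added example that is not part of the original issue or of node-scrypt's code. Only `InternalErrorDescr` is a name from the page; its body, the messages, and the `ErrorDescr*` wrappers are hypothetical.

```cpp
// Added example: names other than InternalErrorDescr are hypothetical.
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>

// Constructed stand-in for the page's InternalErrorDescr(); messages are made up.
std::string InternalErrorDescr(int base_error) {
    switch (base_error) {
        case 0:  return "success";
        case 1:  return "constructed sample: resource limit error";
        default: return "constructed sample: unknown error " + std::to_string(base_error);
    }
}

// BEFORE (pattern from the issue): the local std::string is destroyed when the
// function returns, so the pointer handed back refers to a dead object.
// Shown for comparison only; it is never called here.
const char* ErrorDescrDangling(int base_error) {
    std::string scrypt_err_description = InternalErrorDescr(base_error);
    return scrypt_err_description.c_str();  // dangling on return
}

// AFTER, option 1: return the string by value, so the caller owns the storage.
std::string ErrorDescrOwned(int base_error) {
    return InternalErrorDescr(base_error);
}

// AFTER, option 2 (C-style callers): copy into a caller-supplied buffer.
// NUL-terminates whenever cap > 0; returns the untruncated length.
std::size_t ErrorDescrCopy(int base_error, char* out, std::size_t cap) {
    const std::string descr = InternalErrorDescr(base_error);
    if (out != nullptr && cap > 0) {
        const std::size_t n = descr.size() < cap - 1 ? descr.size() : cap - 1;
        std::memcpy(out, descr.data(), n);
        out[n] = '\0';
    }
    return descr.size();
}

int main() {
    const std::string owned = ErrorDescrOwned(42);
    char buf[16];
    const std::size_t need = ErrorDescrCopy(42, buf, sizeof buf);
    std::printf("%s\n%s (%zu of %zu bytes)\n", owned.c_str(), buf, std::strlen(buf), need);
    return 0;
}
```

Building the "before" form with AddressSanitizer (`-fsanitize=address`) and reading through the returned pointer typically reports a heap-use-after-free once the description is too long for the small-string buffer.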
