You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
nacl_crypto_box_open() fails intermittently. The exact cause of the problem is the use of strncpy() in nacl_crypto_box() and nacl_crypto_box_open(). strncpy() is not binary safe. When strncpy() encounters a null (0x00) in a string, it stops copying characters. strncpy() is used in these two functions to copy the public_key and secret_key to an array. When the public_key and/or the secret_key contain 0x00 characters, the nacl_crypto_box_open() call will fail to decrypt the encrypted data from nacl_crypto_box() because the keys will be changed internally.
Problem 1
All strncpy() calls must be changed to memcpy(). memcpy is binary safe. There are 21 calls to strncpy() that need to be replaced.
Problem 2
There are numerous memory loss issues with the extension. I used the valgrind memory checker against the extension, and memory loss is occurring with every function call. The extension should not be used until it has been properly debugged with valgrind.
You may also be interested in this project: php-sodium. php-sodium uses libsodium. libsodium is a shared library version of NaCL ported to Linux, Mac, and Windows.
Any ideas why the following test code does not work?
The text was updated successfully, but these errors were encountered: