Telodendria/Cytoplasm
Telodendria/Cytoplasm
3
3
Fork 5
Code Issues 17 Pull requests 2 Projects Releases 2 Packages Activity Actions

ShaToHex can treat a 0x00 byte in a hash as a 'end-of-hash' #42

New issue
Closed
opened 2024-08-01 21:07:09 +00:00 by lda · 1 comment
lda commented 2024-08-01 21:07:09 +00:00
Contributor
Copy link

Functions like Sha256 can generate bytestreams with a 0-byte with them(e.g: the string zJ9hc5zKoul4d0QPaxW2eTG0E76qvh3hoGow3mrL6bk= provides the hash 0x7c557e7b00f0a38e788871f6cd962138dfc51463b1e078cdd6787e745e764b5a, which does have a NULL byte in it. ShaToHex may then process it as an 'end-of-hash', causing the string to end, generating a rather short 7c557e7b.

A solution to that may be to allocate metadata(for the size/generated hash) alongside, then shift out the metadata to return a pointer towards the generated hash, which could be reversed to get back the original metadata too. However, such method wouldn't be Freeable directly (which may be excepted), and there may be some scenarios where a value passed to ShaToHex may just be from a function that isn't Sha1/Sha256 (though rare), and that may not produce such behaviour.
I'll need to think more about if doing that is desirable, instead of making a specific structure dedicated for storing raw SHA hashes.

Functions like `Sha256` *can* generate bytestreams with a 0-byte with them(e.g: the string `zJ9hc5zKoul4d0QPaxW2eTG0E76qvh3hoGow3mrL6bk=` provides the hash 0x7c557e7b`00`f0a38e788871f6cd962138dfc51463b1e078cdd6787e745e764b5a, which does have a NULL byte in it. `ShaToHex` may then process it as an 'end-of-hash', causing the string to end, generating a rather short `7c557e7b`. A solution to that may be to allocate metadata(for the size/generated hash) alongside, then *shift* out the metadata to return a pointer towards the generated hash, which could be reversed to get back the original metadata too. However, such method *wouldn't* be `Free`able directly (which may be excepted), and there may be some scenarios where a value passed to `ShaToHex` may just be from a function that isn't `Sha1`/`Sha256` (though rare), and that may not produce such behaviour. I'll need to think more about if doing that is desirable, instead of making a specific structure dedicated for storing raw SHA hashes.
jordan commented 2024-08-09 13:31:18 +00:00
Owner
Copy link

That's a very good observation. Wouldn't it be easier if we just pass the length (or type as a constant, like SHA_SHA1 or SHA_SHA256 as a parameter to ShaToHex()? Something like this:

ShaToHex(hash, SHA_SHA256) if hash is a SHA-256.

That's a very good observation. Wouldn't it be easier if we just pass the length (or type as a constant, like `SHA_SHA1` or `SHA_SHA256` as a parameter to `ShaToHex()`? Something like this: `ShaToHex(hash, SHA_SHA256)` if `hash` is a SHA-256.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
v0.4.1
v0.4.0
Labels
Clear labels   
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
wontfix

This won't be fixed

No labels
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: Telodendria/Cytoplasm#42
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?