Golang encrypt message Fix go-crypt()

Question

package main

import(

crypt "github.com/amoghe/go-crypt"
) 

Running the code above gives err:

root@kali:~/Desktop/tools/gos/SUnix# go run crack.go

 github.com/amoghe/go-crypt
/root/go/pkg/mod/github.com/amoghe/go-crypt@v0.0.0-20191109212615-b2ff80594b7f/crypt_r.go: In function ‘gnu_ext_crypt’:
/root/go/pkg/mod/github.com/amoghe/go-crypt@v0.0.0-20191109212615-b2ff80594b7f/crypt_r.go:35:3: warning: 'strncpy' specified bound depends on the length of the source argument...

this is bad image, how can I fix it

Answer 1

This warning is printed by the C compiler (the file crypt_r.go includes inline code in the C language) to warn the author/users that the code includes a potential issue. In this case the warning can be safely ignored but if you want it fixed it's probably best to raise a PR/issue on the appropriate repository .

warning 'strncpy' specified bound depends on the length of the source argument means that it's bad practice to base the length of a string copy on the length of the source; if you do this and the source is longer than the destination buffer then you have a buffer overflow which is bad!. However in this case the destination buffer is created on the line above the strncpy so it's unlikely to be an issue (unless the allocation fails for some reason).

This kind of thing can cause real issues in applications written in C (and many other languages); fortunately go protects you (it will panic rather than overwrite the buffer) unless you use the unsafe package (or include C code!).