Talsec
libtmlib.so and libpbkdf2_native.so does not have any fortified functions #70
Unanswered
Pascal-Orthopy
asked this question in
Q&A
Replies: 1 comment
-
|
Hi @Pascal-Orthopy , |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
we are using freerasp in one of our Flutter projects and when we analyze the release apk with MobSF, we get some warnings about the libtmlib.so and libpbkdf2_native.so binaries:
"The binary does not have any fortified functions. Fortified functions provides buffer overflow checks against glibc's commons insecure functions like strcpy, gets etc. Use the compiler option -D_FORTIFY_SOURCE=2 to fortify functions. This check is not applicable for Dart/Flutter libraries."
This point was also mentioned by one of our pentesters. All other libraries (like Sentry) pass this test.
Can anyone verify that Freerasp does not use Fortify flags and if so why? If this is the case, it would also be interesting to know if the problem can be fixed.
Many thanks in advance
Beta Was this translation helpful? Give feedback.
All reactions