Description
Discussed in https://github.com/orgs/talsec/discussions/70
Originally posted by Pascal-Orthopy June 5, 2025
We are using freeRASP in one of our Flutter projects, and when we analyze the release APK with MobSF, we get some warnings about the libtmlib.so and libpbkdf2_native.so binaries:
"The binary does not have any fortified functions. Fortified functions provides buffer overflow checks against glibc's commons insecure functions like strcpy, gets etc. Use the compiler option -D_FORTIFY_SOURCE=2 to fortify functions. This check is not applicable for Dart/Flutter libraries."
This point was also mentioned by one of our pentesters. All other libraries (like Sentry) pass this test.
Can anyone verify that freeRASP does not use Fortify flags and, if so, why? If this is the case, it would also be interesting to know if the problem can be fixed.
Many thanks in advance
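
One way to triage a "no fortified functions" finding on a native library, as an added example that is not part of the original post or the freeRASP project: classify the dynamic imports listed by `nm -D` into checked `__<name>_chk` variants and plain fortifiable calls. It assumes the scanner's heuristic is the presence of `__*_chk` imports; the function names and the sample listings are constructed for illustration.

```python
import re

# Subset of libc functions that _FORTIFY_SOURCE can redirect to __<name>_chk.
FORTIFIABLE = {"memcpy", "memmove", "memset", "strcpy", "strncpy", "strcat",
               "strncat", "sprintf", "snprintf", "vsprintf", "vsnprintf", "fgets"}
CHK_RE = re.compile(r"^__(\w+)_chk$")  # does not match __stack_chk_fail (canary)

def undefined_symbols(nm_output):
    """Names of imported (undefined) dynamic symbols in `nm -D` output."""
    names = set()
    for line in nm_output.splitlines():
        parts = line.split()
        # Undefined entries have no address column: "U name" or "U name@LIBC".
        if len(parts) == 2 and parts[0] == "U":
            names.add(parts[1].split("@")[0])
    return names

def fortify_report(nm_output):
    imports = undefined_symbols(nm_output)
    matches = (CHK_RE.match(name) for name in imports)
    fortified = sorted(m.group(1) for m in matches if m)
    unchecked = sorted(imports & FORTIFIABLE)
    if fortified:
        verdict = "fortified" if not unchecked else "mixed"
    elif unchecked:
        verdict = "not fortified"
    else:
        # Nothing to fortify: zero *_chk imports is expected here.
        verdict = "not applicable"
    return {"verdict": verdict, "fortified": fortified, "unchecked": unchecked}

# Constructed sample `nm -D` listings (not taken from any real library).
SAMPLE_MIXED = """\
                 U __memcpy_chk
                 U __stack_chk_fail
                 U strcpy@LIBC
0000000000001a30 T JNI_OnLoad
"""
SAMPLE_NO_LIBC_STRING_CALLS = """\
                 U __stack_chk_fail
                 U malloc
                 U free
0000000000000f10 T Java_example_init
"""
SAMPLE_UNFORTIFIED = """\
                 U memcpy
                 U sprintf
"""

if __name__ == "__main__":
    for s in (SAMPLE_MIXED, SAMPLE_NO_LIBC_STRING_CALLS, SAMPLE_UNFORTIFIED):
        print(fortify_report(s))
```

A "not applicable" verdict means the library imports none of the listed functions, so the absence of `_chk` symbols alone does not show that the fortify flag was omitted at build time.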