libtmlib.so and libpbkdf2_native.so does not have any fortified functions #72

@SirionRazzer

Discussed in https://github.com/orgs/talsec/discussions/70

Originally posted by Pascal-Orthopy June 5, 2025
We are using freerasp in one of our Flutter projects, and when we analyze the release APK with MobSF, we get some warnings about the libtmlib.so and libpbkdf2_native.so binaries:

"The binary does not have any fortified functions. Fortified functions provides buffer overflow checks against glibc's commons insecure functions like strcpy, gets etc. Use the compiler option -D_FORTIFY_SOURCE=2 to fortify functions. This check is not applicable for Dart/Flutter libraries."

This point was also mentioned by one of our pentesters. All other libraries (like Sentry) pass this test.
Can anyone verify that Freerasp does not use Fortify flags and if so why? If this is the case, it would also be interesting to know if the problem can be fixed.

Many thanks in advance
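
An added example (not part of the original post, and not Talsec's or MobSF's code): a heuristic check for the `__<name>_chk` imports that `-D_FORTIFY_SOURCE` produces, alongside their unfortified counterparts, so a "no fortified functions" warning can be told apart from a library that imports nothing fortifiable. The function list, the verdict names and the `fake_elf` sample bytes are constructed assumptions.

```python
import re
import sys

# Subset of libc calls that _FORTIFY_SOURCE can redirect to __<name>_chk (assumed list).
FORTIFIABLE = {"strcpy", "strncpy", "strcat", "strncat", "memcpy", "memmove",
               "memset", "sprintf", "snprintf", "vsprintf", "vsnprintf",
               "fgets", "read"}

def c_identifiers(data):
    """All NUL-delimited C identifiers in the file (covers .dynstr; heuristic)."""
    found = re.findall(rb"(?<=\x00)[A-Za-z_][A-Za-z0-9_]*(?=\x00)", data)
    return {name.decode("ascii") for name in found}

def fortify_report(data):
    """Classify a shared object by the fortified / unfortified names it contains."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    names = c_identifiers(data)
    # __stack_chk_fail is the stack protector, not fortify: it does not end in _chk.
    fortified = sorted(n for n in names if re.fullmatch(r"__\w+_chk", n))
    plain = sorted(names & FORTIFIABLE)
    if fortified:
        verdict = "fortified"
    elif plain:
        verdict = "unfortified-calls"   # fortifiable calls present, none checked
    else:
        verdict = "not-applicable"      # nothing fortifiable is imported at all
    return {"fortified": fortified, "unfortified": plain, "verdict": verdict}

def fake_elf(*symbols):
    """Constructed stand-in for a shared object: ELF magic plus a string table."""
    return b"\x7fELF" + b"\x00" * 12 + b"".join(s.encode() + b"\x00" for s in symbols)

if __name__ == "__main__":
    # Usage: python fortify_check.py lib/arm64-v8a/*.so  (paths from an unpacked APK)
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, fortify_report(fh.read()))
```

A `not-applicable` verdict means the absence of `_chk` symbols carries no information on its own; `readelf --dyn-syms` on the same file gives the exact import list when the string scan needs confirming.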

Labels: question (Further information is requested)
