View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0006217 | GNUnet | util library | public | 2020-04-23 15:12 | 2020-07-09 09:17 |
Reporter | fefe | Assigned To | Florian Dold | ||
Priority | normal | Severity | major | Reproducibility | have not tried |
Status | closed | Resolution | fixed | ||
Product Version | 0.12.2 | ||||
Target Version | 0.13.0 | Fixed in Version | 0.13.0 | ||
Summary | 0006217: integer overflow in GNUNET_buffer_ensure_remaining | ||||
Description | In gnunet/src/util/buffer.c: 53 void 54 GNUNET_buffer_ensure_remaining (struct GNUNET_Buffer *buf, size_t n) 55 { 56 size_t new_capacity = buf->position + n; 57 58 if (new_capacity <= buf->capacity) 59 return; If n is unreasonably large, this arithmetic can overflow leading to the function returning without actually providing enough space. This can lead to memory corruption and crashing. | ||||
Tags | No tags attached. | ||||
Date Modified | Username | Field | Change |
---|---|---|---|
2020-04-23 15:12 | fefe | New Issue | |
2020-04-23 15:52 | Florian Dold | Assigned To | => Florian Dold |
2020-04-23 15:52 | Florian Dold | Status | new => assigned |
2020-04-24 10:26 | Florian Dold | Status | assigned => resolved |
2020-04-24 10:26 | Florian Dold | Resolution | open => fixed |
2020-04-24 10:26 | Florian Dold | Note Added: 0015776 | |
2020-04-24 10:30 | schanzen | Fixed in Version | => 0.13.0 |
2020-04-24 10:30 | schanzen | Target Version | => 0.13.0 |
2020-06-01 00:49 |
|
Issue cloned: 0006307 | |
2020-06-01 00:52 |
|
Issue cloned: 0006340 | |
2020-07-09 09:17 | schanzen | Note Added: 0016421 | |
2020-07-09 09:17 | schanzen | Status | resolved => closed |