View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0006155 | GNUnet | util library | public | 2020-04-03 12:25 | 2020-07-09 09:17 |
| Reporter | fefe | Assigned To | Christian Grothoff | ||
| Priority | normal | Severity | minor | Reproducibility | N/A |
| Status | closed | Resolution | fixed | ||
| Product Version | Git master | ||||
| Target Version | 0.13.0 | Fixed in Version | 0.13.0 | ||
| Summary | 0006155: Integer overflow in GNUNET_STRINGS_pp2s | ||||
| Description | 99 char * 100 GNUNET_STRINGS_pp2s (const struct GNUNET_PeerIdentity *pids, 101 unsigned int num_pids) 102 { 103 char *buf; 104 size_t off; 105 size_t plen = num_pids * 5 + 1; 106 107 off = 0; 108 buf = GNUNET_malloc (plen); The arithmetic on line 105 can overflow. The integer promotion from 32-bit int to 64-bit size_t will only happen at the assignment, after the multiplication has already overflown. | ||||
| Tags | No tags attached. | ||||
|
|
Ok, so you are doing an audit of libgnunetutil now. Because that code I am 100% sure is NOT reachable for Taler ;-). |
|
|
Fixed in bc01117ce..6fd24eef2. Let me know if giving you Git commit on gnunet.git would be more productive for these kinds of bugs. |
|
|
0.13.0 released |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2020-04-03 12:25 | fefe | New Issue | |
| 2020-04-03 18:50 | Christian Grothoff | Note Added: 0015511 | |
| 2020-04-03 18:50 | Christian Grothoff | Note Added: 0015512 | |
| 2020-04-03 18:51 | Christian Grothoff | Assigned To | => Christian Grothoff |
| 2020-04-03 18:51 | Christian Grothoff | Status | new => resolved |
| 2020-04-03 18:51 | Christian Grothoff | Resolution | open => fixed |
| 2020-04-03 18:51 | Christian Grothoff | Fixed in Version | => 0.12.2 |
| 2020-04-03 18:51 | Christian Grothoff | Target Version | => 0.12.2 |
| 2020-04-23 10:45 | schanzen | Fixed in Version | 0.12.2 => 0.13.0 |
| 2020-04-23 10:47 | schanzen | Target Version | 0.12.2 => 0.13.0 |
| 2020-06-01 00:49 |
|
Issue cloned: 0006320 | |
| 2020-06-01 00:52 |
|
Issue cloned: 0006352 | |
| 2020-07-09 09:17 | schanzen | Note Added: 0016432 | |
| 2020-07-09 09:17 | schanzen | Status | resolved => closed |
