View Issue Details

ID: 0006155
Project: GNUnet
Category: util library
View Status: public
Last Update: 2020-04-23 10:47
Reporter: fefe
Assigned To: Christian Grothoff
Priority: normal
Severity: minor
Reproducibility: N/A
Status: resolved
Resolution: fixed
Product Version: SVN HEAD
Target Version: 0.13.0
Fixed in Version: 0.13.0
Summary: 0006155: Integer overflow in GNUNET_STRINGS_pp2s
Description:

  99 char *
 100 GNUNET_STRINGS_pp2s (const struct GNUNET_PeerIdentity *pids,
 101                      unsigned int num_pids)
 102 {
 103   char *buf;
 104   size_t off;
 105   size_t plen = num_pids * 5 + 1;
 106
 107   off = 0;
 108   buf = GNUNET_malloc (plen);

The arithmetic on line 105 can overflow. The integer promotion from 32-bit int to 64-bit size_t will only happen at the assignment, after the multiplication has already overflowed.
Tags: No tags attached.
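The wrap described in the report, next to one way to guard the size computation, as an added example (not code from GNUnet and not the fix that was committed). The function names and the sample count are constructed for illustration, and a 32-bit unsigned int is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Same expression as line 105 of the report: the multiplication and the
   addition are evaluated in unsigned int, so they wrap modulo 2^32
   (assumption: 32-bit unsigned int) before the result is widened. */
static size_t
pp2s_len_unchecked (unsigned int num_pids)
{
  size_t plen = num_pids * 5 + 1;
  return plen;
}

/* Hypothetical hardened variant: widen the operand first and reject any
   count whose buffer size would not fit in size_t.
   Returns 0 and stores the size in *plen on success, -1 otherwise. */
static int
pp2s_len_checked (unsigned int num_pids, size_t *plen)
{
  if ((size_t) num_pids > (SIZE_MAX - 1) / 5)
    return -1;
  *plen = (size_t) num_pids * 5 + 1;
  return 0;
}

int
main (void)
{
  /* Constructed input: smallest count for which num_pids * 5 >= 2^32. */
  unsigned int n = 858993460u;
  size_t good = 0;

  printf ("unchecked size for %u entries: %zu bytes\n",
          n, pp2s_len_unchecked (n));
  if (0 == pp2s_len_checked (n, &good))
    printf ("checked size for %u entries: %zu bytes\n", n, good);
  else
    printf ("checked: %u entries rejected, size does not fit\n", n);
  return 0;
}
```

With a 64-bit size_t the unchecked variant reports a 5-byte buffer for a count that needs about 4 GiB, which is the undersized allocation the report points at.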

Activities

Christian Grothoff

2020-04-03 18:50

manager   ~0015511

Ok, so you are doing an audit of libgnunetutil now. Because that code I am 100% sure is NOT reachable for Taler ;-).

Christian Grothoff

2020-04-03 18:50

manager   ~0015512

Fixed in bc01117ce..6fd24eef2. Let me know if giving you Git commit on gnunet.git would be more productive for these kinds of bugs.

Issue History

Date Modified      Username             Field              Change
2020-04-03 12:25   fefe                 New Issue
2020-04-03 18:50   Christian Grothoff   Note Added: 0015511
2020-04-03 18:50   Christian Grothoff   Note Added: 0015512
2020-04-03 18:51   Christian Grothoff   Assigned To        => Christian Grothoff
2020-04-03 18:51   Christian Grothoff   Status             new => resolved
2020-04-03 18:51   Christian Grothoff   Resolution         open => fixed
2020-04-03 18:51   Christian Grothoff   Fixed in Version   => 0.12.2
2020-04-03 18:51   Christian Grothoff   Target Version     => 0.12.2
2020-04-23 10:45   schanzen             Fixed in Version   0.12.2 => 0.13.0
2020-04-23 10:47   schanzen             Target Version     0.12.2 => 0.13.0