View Issue Details

IDProjectCategoryView StatusLast Update
0006156GNUnetutil librarypublic2020-07-09 09:17
Reporterfefe Assigned ToChristian Grothoff  
PrioritynormalSeverityminorReproducibilityN/A
Status closedResolutionfixed 
Product VersionGit master 
Target Version0.13.0Fixed in Version0.13.0 
Summary0006156: Integer overflow in GNUNET_STRINGS_data_to_string
Description 875 if (out_size < (size * 8 + 4) / 5)

Both size and out_size are function arguments and are size_t.
If the caller is tricked by an attacker to give an unreasonably large value for size, then this arithmetic could overflow and fail to detect the error condition, which would lead to memory corruption.
TagsNo tags attached.

Activities

Christian Grothoff

2020-04-03 18:52

manager   ~0015513

Eh, I already added

  GNUNET_assert (size < SIZE_MAX / 8 - 4);

In response to your first bug of this type. Please 'git pull'.

Christian Grothoff

2020-04-03 18:52

manager   ~0015514

Already fixed earlier.

schanzen

2020-07-09 09:17

manager   ~0016431

0.13.0 released

Issue History

Date Modified Username Field Change
2020-04-03 12:41 fefe New Issue
2020-04-03 18:52 Christian Grothoff Note Added: 0015513
2020-04-03 18:52 Christian Grothoff Assigned To => Christian Grothoff
2020-04-03 18:52 Christian Grothoff Status new => resolved
2020-04-03 18:52 Christian Grothoff Resolution open => fixed
2020-04-03 18:52 Christian Grothoff Fixed in Version => 0.12.3
2020-04-03 18:52 Christian Grothoff Note Added: 0015514
2020-04-03 18:52 Christian Grothoff Fixed in Version 0.12.3 => 0.12.2
2020-04-03 18:52 Christian Grothoff Target Version => 0.12.2
2020-04-23 10:45 schanzen Fixed in Version 0.12.2 => 0.13.0
2020-04-23 10:47 schanzen Target Version 0.12.2 => 0.13.0
2020-06-01 00:49 Adminknox Issue cloned: 0006319
2020-06-01 00:52 Adminknox Issue cloned: 0006351
2020-07-09 09:17 schanzen Note Added: 0016431
2020-07-09 09:17 schanzen Status resolved => closed