View Issue Details

IDProjectCategoryView StatusLast Update
0006156GNUnetutil librarypublic2020-04-23 10:47
ReporterfefeAssigned ToChristian Grothoff 
PrioritynormalSeverityminorReproducibilityN/A
Status resolvedResolutionfixed 
Product VersionSVN HEAD 
Target Version0.13.0Fixed in Version0.13.0 
Summary0006156: Integer overflow in GNUNET_STRINGS_data_to_string
Description 875 if (out_size < (size * 8 + 4) / 5)

Both size and out_size are function arguments and are size_t.
If the caller is tricked by an attacker to give an unreasonably large value for size, then this arithmetic could overflow and fail to detect the error condition, which would lead to memory corruption.
TagsNo tags attached.

Activities

Christian Grothoff

2020-04-03 18:52

manager   ~0015513

Eh, I already added

  GNUNET_assert (size < SIZE_MAX / 8 - 4);

In response to your first bug of this type. Please 'git pull'.

Christian Grothoff

2020-04-03 18:52

manager   ~0015514

Already fixed earlier.

Issue History

Date Modified Username Field Change
2020-04-03 12:41 fefe New Issue
2020-04-03 18:52 Christian Grothoff Note Added: 0015513
2020-04-03 18:52 Christian Grothoff Assigned To => Christian Grothoff
2020-04-03 18:52 Christian Grothoff Status new => resolved
2020-04-03 18:52 Christian Grothoff Resolution open => fixed
2020-04-03 18:52 Christian Grothoff Fixed in Version => 0.12.3
2020-04-03 18:52 Christian Grothoff Note Added: 0015514
2020-04-03 18:52 Christian Grothoff Fixed in Version 0.12.3 => 0.12.2
2020-04-03 18:52 Christian Grothoff Target Version => 0.12.2
2020-04-23 10:45 schanzen Fixed in Version 0.12.2 => 0.13.0
2020-04-23 10:47 schanzen Target Version 0.12.2 => 0.13.0