0006156: Integer overflow in GNUNET_STRINGS_data_to_string

ID	Project	Category	View Status	Date Submitted	Last Update

0006156	GNUnet	util library	public	2020-04-03 12:41	2020-07-09 09:17

Reporter	fefe	Assigned To	Christian Grothoff
Priority	normal	Severity	minor	Reproducibility	N/A
Status	closed	Resolution	fixed
Product Version	Git master
Target Version	0.13.0	Fixed in Version	0.13.0

Summary	0006156: Integer overflow in GNUNET_STRINGS_data_to_string
Description	875 if (out_size < (size * 8 + 4) / 5) Both size and out_size are function arguments and are size_t. If the caller is tricked by an attacker to give an unreasonably large value for size, then this arithmetic could overflow and fail to detect the error condition, which would lead to memory corruption.
Tags	No tags attached.

Christian Grothoff 2020-04-03 18:52 manager ~0015513	Eh, I already added GNUNET_assert (size < SIZE_MAX / 8 - 4); In response to your first bug of this type. Please 'git pull'.

Christian Grothoff 2020-04-03 18:52 manager ~0015514	Already fixed earlier.

schanzen 2020-07-09 09:17 administrator ~0016431	0.13.0 released

Date Modified	Username	Field	Change
2020-04-03 12:41	fefe	New Issue
2020-04-03 18:52	Christian Grothoff	Note Added: 0015513
2020-04-03 18:52	Christian Grothoff	Assigned To	=> Christian Grothoff
2020-04-03 18:52	Christian Grothoff	Status	new => resolved
2020-04-03 18:52	Christian Grothoff	Resolution	open => fixed
2020-04-03 18:52	Christian Grothoff	Fixed in Version	=> 0.12.3
2020-04-03 18:52	Christian Grothoff	Note Added: 0015514
2020-04-03 18:52	Christian Grothoff	Fixed in Version	0.12.3 => 0.12.2
2020-04-03 18:52	Christian Grothoff	Target Version	=> 0.12.2
2020-04-23 10:45	schanzen	Fixed in Version	0.12.2 => 0.13.0
2020-04-23 10:47	schanzen	Target Version	0.12.2 => 0.13.0
2020-06-01 00:49	~~Adminknox~~	Issue cloned: 0006319
2020-06-01 00:52	~~Adminknox~~	Issue cloned: 0006351
2020-07-09 09:17	schanzen	Note Added: 0016431
2020-07-09 09:17	schanzen	Status	resolved => closed