View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0006156 | GNUnet | util library | public | 2020-04-03 12:41 | 2020-07-09 09:17 |
Reporter | fefe | Assigned To | Christian Grothoff | ||
Priority | normal | Severity | minor | Reproducibility | N/A |
Status | closed | Resolution | fixed | ||
Product Version | Git master | ||||
Target Version | 0.13.0 | Fixed in Version | 0.13.0 | ||
Summary | 0006156: Integer overflow in GNUNET_STRINGS_data_to_string | ||||
Description | 875 if (out_size < (size * 8 + 4) / 5) Both size and out_size are function arguments and are size_t. If the caller is tricked by an attacker to give an unreasonably large value for size, then this arithmetic could overflow and fail to detect the error condition, which would lead to memory corruption. | ||||
Tags | No tags attached. | ||||
|
Eh, I already added GNUNET_assert (size < SIZE_MAX / 8 - 4); In response to your first bug of this type. Please 'git pull'. |
|
Already fixed earlier. |
|
0.13.0 released |
Date Modified | Username | Field | Change |
---|---|---|---|
2020-04-03 12:41 | fefe | New Issue | |
2020-04-03 18:52 | Christian Grothoff | Note Added: 0015513 | |
2020-04-03 18:52 | Christian Grothoff | Assigned To | => Christian Grothoff |
2020-04-03 18:52 | Christian Grothoff | Status | new => resolved |
2020-04-03 18:52 | Christian Grothoff | Resolution | open => fixed |
2020-04-03 18:52 | Christian Grothoff | Fixed in Version | => 0.12.3 |
2020-04-03 18:52 | Christian Grothoff | Note Added: 0015514 | |
2020-04-03 18:52 | Christian Grothoff | Fixed in Version | 0.12.3 => 0.12.2 |
2020-04-03 18:52 | Christian Grothoff | Target Version | => 0.12.2 |
2020-04-23 10:45 | schanzen | Fixed in Version | 0.12.2 => 0.13.0 |
2020-04-23 10:47 | schanzen | Target Version | 0.12.2 => 0.13.0 |
2020-06-01 00:49 |
|
Issue cloned: 0006319 | |
2020-06-01 00:52 |
|
Issue cloned: 0006351 | |
2020-07-09 09:17 | schanzen | Note Added: 0016431 | |
2020-07-09 09:17 | schanzen | Status | resolved => closed |