View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0006159 | GNUnet | util library | public | 2020-04-03 16:37 | 2020-07-09 09:17 |
| Reporter | fefe | Assigned To | Christian Grothoff | ||
| Priority | normal | Severity | minor | Reproducibility | N/A |
| Status | closed | Resolution | fixed | ||
| Product Version | Git master | ||||
| Target Version | 0.13.0 | Fixed in Version | 0.13.0 | ||
| Summary | 0006159: Integer overflow in GNUNET_STRINGS_base64_encode | ||||
| Description | 1865 opt = GNUNET_malloc (2 + (len * 4 / 3) + 8); len is a size_t and caller-supplied. If the caller accidentally or maliciously calls this function with a very large len, then the multiplication will overflow. Recommendation: have a sanity check on len first. | ||||
| Tags | No tags attached. | ||||
|
|
Similar issue a few lines down in GNUNET_STRINGS_base64_decode. |
|
|
Well, and here I was thinking libgnunetutil would be out-of-scope and we'd first audit that code ourselves before having you face the horrors. Well, happy to fix those now. ;-) |
|
|
Should be fixed in 0541fd194..55bff52a2 |
|
|
0.13.0 released |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2020-04-03 16:37 | fefe | New Issue | |
| 2020-04-03 16:38 | fefe | Note Added: 0015507 | |
| 2020-04-03 16:57 | Christian Grothoff | Assigned To | => Christian Grothoff |
| 2020-04-03 16:57 | Christian Grothoff | Status | new => assigned |
| 2020-04-03 16:59 | Christian Grothoff | Note Added: 0015508 | |
| 2020-04-03 17:08 | Christian Grothoff | Note Added: 0015509 | |
| 2020-04-03 17:08 | Christian Grothoff | Fixed in Version | => 0.12.2 |
| 2020-04-03 17:08 | Christian Grothoff | Target Version | => 0.12.2 |
| 2020-04-03 17:08 | Christian Grothoff | Status | assigned => resolved |
| 2020-04-03 17:08 | Christian Grothoff | Resolution | open => fixed |
| 2020-04-23 10:45 | schanzen | Fixed in Version | 0.12.2 => 0.13.0 |
| 2020-04-23 10:47 | schanzen | Target Version | 0.12.2 => 0.13.0 |
| 2020-06-01 00:49 |
|
Issue cloned: 0006316 | |
| 2020-06-01 00:52 |
|
Issue cloned: 0006348 | |
| 2020-07-09 09:17 | schanzen | Note Added: 0016428 | |
| 2020-07-09 09:17 | schanzen | Status | resolved => closed |
