View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0006172 | Taler | exchange | public | 2020-04-09 15:28 | 2021-08-24 16:23 |
| Reporter | fefe | Assigned To | Christian Grothoff | ||
| Priority | normal | Severity | minor | Reproducibility | N/A |
| Status | closed | Resolution | fixed | ||
| Product Version | 0.7.0 | ||||
| Target Version | 0.7.1 | Fixed in Version | 0.7.1 | ||
| Summary | 0006172: Are 32-bit builds supported? | ||||
| Description | If 32-bit builds are also supported, you might want to change this code in TALER_BANK_prepare_transfer: 94 if ( (d_len > (size_t) UINT32_MAX) || 95 (u_len > (size_t) UINT32_MAX) ) 96 { 97 GNUNET_break (0); /* that's some long URL... */ 98 *buf = NULL; 99 *buf_size = 0; 100 return; 101 } 102 *buf_size = sizeof (*wp) + d_len + u_len; 103 wp = GNUNET_malloc (*buf_size); On 32-bit builds size_t is as big as uint32_t. I think it would be safe to use UINT16_MAX or even INT16_MAX on all platforms, as we are talking about URLs here. Web servers tend to have something like an 8k (or maybe 16k) limit on the whole request. | ||||
| Tags | No tags attached. | ||||
|
|
Yes, we do want to support 32-bit builds. 16-bit platforms (including 16-bit 'int') are not expected to be well-supported. Anyway, looking at the code, it is pretty clear that an integer addition overflow in line 102 is not properly guarded against, but moreover we failed to enforce GNUNET_MAX_MALLOC_CHECKED (= 40 MB). I'll change it like this: if ( (d_len >= (size_t) GNUNET_MAX_MALLOC_CHECKED) || (u_len >= (size_t) GNUNET_MAX_MALLOC_CHECKED) || (d_len + u_len + sizeof (*wp) >= GNUNET_MAX_MALLOC_CHECKED) ) { GNUNET_break (0); /* that's some long URL... */ *buf = NULL; *buf_size = 0; return; } Change in 2844a9a7..dccb300b. I'm 'resolving' the bug because I _assume_ this fully addresses the concern. If not, please reopen and explain better. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2020-04-09 15:28 | fefe | New Issue | |
| 2020-04-09 15:28 | fefe | Status | new => assigned |
| 2020-04-09 15:28 | fefe | Assigned To | => Christian Grothoff |
| 2020-04-09 15:54 | Christian Grothoff | Note Added: 0015604 | |
| 2020-04-09 15:55 | Christian Grothoff | Status | assigned => resolved |
| 2020-04-09 15:55 | Christian Grothoff | Resolution | open => fixed |
| 2020-04-09 15:55 | Christian Grothoff | Fixed in Version | => 0.7.1 |
| 2020-04-09 15:55 | Christian Grothoff | Target Version | => 0.7.1 |
| 2021-08-24 16:23 | Christian Grothoff | Status | resolved => closed |
