View Issue Details

IDProjectCategoryView StatusLast Update
0006217GNUnetutil librarypublic2020-07-09 09:17
Reporterfefe Assigned ToFlorian Dold  
PrioritynormalSeveritymajorReproducibilityhave not tried
Status closedResolutionfixed 
Product Version0.12.2 
Target Version0.13.0Fixed in Version0.13.0 
Summary0006217: integer overflow in GNUNET_buffer_ensure_remaining
DescriptionIn gnunet/src/util/buffer.c:

 53 void
 54 GNUNET_buffer_ensure_remaining (struct GNUNET_Buffer *buf, size_t n)
 55 {
 56 size_t new_capacity = buf->position + n;
 57
 58 if (new_capacity <= buf->capacity)
 59 return;

If n is unreasonably large, this arithmetic can overflow leading to the function returning without actually providing enough space.
This can lead to memory corruption and crashing.
TagsNo tags attached.

Activities

Florian Dold

2020-04-24 10:26

developer   ~0015776

Fixed in 892bd3c60

schanzen

2020-07-09 09:17

manager   ~0016421

0.13.0 released

Issue History

Date Modified Username Field Change
2020-04-23 15:12 fefe New Issue
2020-04-23 15:52 Florian Dold Assigned To => Florian Dold
2020-04-23 15:52 Florian Dold Status new => assigned
2020-04-24 10:26 Florian Dold Status assigned => resolved
2020-04-24 10:26 Florian Dold Resolution open => fixed
2020-04-24 10:26 Florian Dold Note Added: 0015776
2020-04-24 10:30 schanzen Fixed in Version => 0.13.0
2020-04-24 10:30 schanzen Target Version => 0.13.0
2020-06-01 00:49 Adminknox Issue cloned: 0006307
2020-06-01 00:52 Adminknox Issue cloned: 0006340
2020-07-09 09:17 schanzen Note Added: 0016421
2020-07-09 09:17 schanzen Status resolved => closed