0006218: integer overflow in buffer_write_urlencode

ID	Project	Category	View Status	Date Submitted	Last Update

0006218	Taler	exchange	public	2020-04-23 15:15	2021-09-02 18:14

Reporter	fefe	Assigned To	Christian Grothoff
Priority	normal	Severity	tweak	Reproducibility	have not tried
Status	closed	Resolution	fixed
Product Version	0.7.0
Target Version	0.7.1	Fixed in Version	0.7.1

Summary	0006218: integer overflow in buffer_write_urlencode
Description	In exchange/src/util/url.c: 83 static void 84 buffer_write_urlencode (struct GNUNET_Buffer buf, 85 const char s) 86 { 87 GNUNET_buffer_ensure_remaining (buf, 88 urlencode_len (s) + 1); If one assumes s could be an arbitrary string (probably not true in this context) the calculation in urlencode_len could overflow and adding the 1 here could overflow as well.
Tags	No tags attached.

Date Modified	Username	Field	Change
2020-04-23 15:15	fefe	New Issue
2020-04-23 15:15	fefe	Status	new => assigned
2020-04-23 15:15	fefe	Assigned To	=> Christian Grothoff
2020-04-23 15:31	Christian Grothoff	Status	assigned => resolved
2020-04-23 15:31	Christian Grothoff	Resolution	open => fixed
2020-04-23 15:31	Christian Grothoff	Fixed in Version	=> 0.7.1
2020-04-23 15:31	Christian Grothoff	Note Added: 0015764
2020-04-23 15:31	Christian Grothoff	Target Version	=> 0.7.1
2020-04-23 15:33	Christian Grothoff	Severity	major => tweak
2021-08-24 16:23	Christian Grothoff	Status	resolved => closed
2021-09-02 18:13	Christian Grothoff	Changeset attached	=> Taler-exchange master 8b99abbe
2021-09-02 18:14	Christian Grothoff	Note Added: 0018254

Christian Grothoff 2020-04-23 15:31 manager ~0015764	7666542a..8b99abbe

Christian Grothoff 2021-09-02 18:14 manager ~0018254	Fix committed to master branch.

exchange: master 8b99abbe 2020-04-23 17:26 Christian Grothoff Details Diff	CSE elimination, fix 0006218		Affected Issues 0006218
	mod - src/util/url.c		Diff File