View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0006219 | Taler | exchange | public | 2020-04-23 15:20 | 2021-09-02 18:14 |
Reporter | fefe | Assigned To | Christian Grothoff | ||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | closed | Resolution | fixed | ||
Product Version | 0.7.0 | ||||
Target Version | 0.7.1 | Fixed in Version | 0.7.1 | ||
Summary | 0006219: integer overflow in calculate_argument_length | ||||
Description | In exchange/src/util/url.c: 130 static size_t 131 calculate_argument_length (va_list args) 132 { 133 size_t len = 0; 134 va_list ap; 135 136 va_copy (ap, 137 args); 138 while (1) 139 { 140 char *key; 141 char *value; 142 143 key = va_arg (ap, 144 char *); 145 if (NULL == key) 146 break; 147 value = va_arg (ap, 148 char *); 149 if (NULL == value) 150 continue; 151 len += urlencode_len (value) + strlen (key) + 2; 152 } 153 va_end (ap); 154 return len; 155 } This should have checks for integer overflow. This function may be static but it is exposed via a public API in the same file. | ||||
Tags | No tags attached. | ||||
|
On the other hand the exposing function uses dynamic reallocation functions that detect the overflow case. |
|
Fixed in 051ccdf0..7666542a |
|
Fix committed to master branch. |
Date Modified | Username | Field | Change |
---|---|---|---|
2020-04-23 15:20 | fefe | New Issue | |
2020-04-23 15:20 | fefe | Status | new => assigned |
2020-04-23 15:20 | fefe | Assigned To | => Christian Grothoff |
2020-04-23 15:24 | fefe | Note Added: 0015762 | |
2020-04-23 15:27 | Christian Grothoff | Status | assigned => resolved |
2020-04-23 15:27 | Christian Grothoff | Resolution | open => fixed |
2020-04-23 15:27 | Christian Grothoff | Fixed in Version | => 0.7.1 |
2020-04-23 15:27 | Christian Grothoff | Note Added: 0015763 | |
2020-04-23 15:27 | Christian Grothoff | Target Version | => 0.7.1 |
2021-08-24 16:23 | Christian Grothoff | Status | resolved => closed |
2021-09-02 18:13 | Christian Grothoff | Changeset attached | => Taler-exchange master 7666542a |
2021-09-02 18:14 | Christian Grothoff | Note Added: 0018255 |