View Issue Details

Related ChangesetsJump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0006219Talerexchangepublic2020-04-23 15:202021-09-02 18:14
Reporterfefe Assigned ToChristian Grothoff  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Product Version0.7.0 
Target Version0.7.1Fixed in Version0.7.1 
Summary0006219: integer overflow in calculate_argument_length
DescriptionIn exchange/src/util/url.c:

130 static size_t
131 calculate_argument_length (va_list args)
132 {
133 size_t len = 0;
134 va_list ap;
135
136 va_copy (ap,
137 args);
138 while (1)
139 {
140 char *key;
141 char *value;
142
143 key = va_arg (ap,
144 char *);
145 if (NULL == key)
146 break;
147 value = va_arg (ap,
148 char *);
149 if (NULL == value)
150 continue;
151 len += urlencode_len (value) + strlen (key) + 2;
152 }
153 va_end (ap);
154 return len;
155 }

This should have checks for integer overflow. This function may be static but it is exposed via a public API in the same file.
TagsNo tags attached.

Activities

fefe

2020-04-23 15:24

developer   ~0015762

On the other hand the exposing function uses dynamic reallocation functions that detect the overflow case.

Christian Grothoff

2020-04-23 15:27

manager   ~0015763

Fixed in 051ccdf0..7666542a

Christian Grothoff

2021-09-02 18:14

manager   ~0018255

Fix committed to master branch.

Related Changesets

exchange: master 7666542a

2020-04-23 17:22

Christian Grothoff


Details Diff		 fix 0006219 Affected Issues
0006219
mod - src/util/url.c Diff File

Issue History

Date Modified Username Field Change
2020-04-23 15:20 fefe New Issue
2020-04-23 15:20 fefe Status new => assigned
2020-04-23 15:20 fefe Assigned To => Christian Grothoff
2020-04-23 15:24 fefe Note Added: 0015762
2020-04-23 15:27 Christian Grothoff Status assigned => resolved
2020-04-23 15:27 Christian Grothoff Resolution open => fixed
2020-04-23 15:27 Christian Grothoff Fixed in Version => 0.7.1
2020-04-23 15:27 Christian Grothoff Note Added: 0015763
2020-04-23 15:27 Christian Grothoff Target Version => 0.7.1
2021-08-24 16:23 Christian Grothoff Status resolved => closed
2021-09-02 18:13 Christian Grothoff Changeset attached => Taler-exchange master 7666542a
2021-09-02 18:14 Christian Grothoff Note Added: 0018255