View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0008042 | GNUnet | util library | public | 2024-01-09 12:23 | 2024-03-07 20:26 |
| Reporter | fefe | Assigned To | Christian Grothoff | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | ||
| Fixed in Version | 0.21.0 | ||||
| Summary | 0008042: GNUNET_JSON_from_data: integer overflow | ||||
| Description | 30 json_t * 31 GNUNET_JSON_from_data (const void *data, 32 size_t size) 33 { 34 char *buf; 35 json_t *json; 36 37 if ((size * 8 + 4) / 5 + 1 >= 38 GNUNET_MAX_MALLOC_CHECKED) If the caller was tricked and gives us an unreasonably big value for size, this arithmetic will overflow and we might clobber memory. | ||||
| Additional Information | All the arithmetic is basically superfluous anyway, since we compare to 10 MiB and not the largest possible value. We could just compare size directly to a different constant. | ||||
| Tags | No tags attached. | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-01-09 12:23 | fefe | New Issue | |
| 2024-01-09 12:25 | fefe | Issue cloned: 0008043 | |
| 2024-01-09 19:18 | Christian Grothoff | Assigned To | => Christian Grothoff |
| 2024-01-09 19:18 | Christian Grothoff | Status | new => resolved |
| 2024-01-09 19:18 | Christian Grothoff | Resolution | open => fixed |
| 2024-01-09 19:18 | Christian Grothoff | Note Added: 0020848 | |
| 2024-01-09 20:10 | Christian Grothoff | Project | Taler => GNUnet |
| 2024-01-09 20:10 | Christian Grothoff | Category | other => util library |
| 2024-03-07 20:26 | schanzen | Fixed in Version | => 0.21.0 |
| 2024-03-07 20:26 | schanzen | Note Added: 0021804 | |
| 2024-03-07 20:26 | schanzen | Status | resolved => closed |
