View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0008043 | GNUnet | util library | public | 2024-01-09 12:25 | 2024-03-07 20:26 |
| Reporter | fefe | Assigned To | Christian Grothoff | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | ||
| Fixed in Version | 0.21.0 | ||||
| Summary | 0008043: GNUNET_JSON_from_data64: integer overflow | ||||
| Description | 52 json_t * 53 GNUNET_JSON_from_data64 (const void *data, 54 size_t size) 55 { 56 char *buf = NULL; 57 json_t *json; 58 size_t len; 59 60 if ((size * 8 + 5) / 6 + 1 >= 61 GNUNET_MAX_MALLOC_CHECKED) 62 { 63 GNUNET_break (0); 64 return NULL; 65 } If the caller was tricked and gives us an unreasonably big value for size, this arithmetic will overflow and we might clobber memory. | ||||
| Additional Information | All the arithmetic is basically superfluous anyway, since we compare to 10 MiB and not the largest possible value. We could just compare size directly to a different constant. | ||||
| Tags | No tags attached. | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-01-09 12:25 | fefe | New Issue | |
| 2024-01-09 12:25 | fefe | Issue generated from: 0008042 | |
| 2024-01-09 19:16 | Christian Grothoff | Changeset attached | => gnunet master 1a82df7c |
| 2024-01-09 19:16 | Christian Grothoff | Note Added: 0020847 | |
| 2024-01-09 19:16 | Christian Grothoff | Assigned To | => Christian Grothoff |
| 2024-01-09 19:16 | Christian Grothoff | Status | new => resolved |
| 2024-01-09 19:16 | Christian Grothoff | Resolution | open => fixed |
| 2024-01-09 20:10 | Christian Grothoff | Project | Taler => GNUnet |
| 2024-01-09 20:10 | Christian Grothoff | Category | other => util library |
| 2024-03-07 20:26 | schanzen | Fixed in Version | => 0.21.0 |
| 2024-03-07 20:26 | schanzen | Note Added: 0021803 | |
| 2024-03-07 20:26 | schanzen | Status | resolved => closed |
