View Issue Details

ID: 0008050
Project: GNUnet
Category: util library
View Status: public
Last Update: 2024-03-07 20:25
Reporter: fefe
Assigned To: Christian Grothoff
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: reopened
Fixed in Version: 0.21.0
Summary: 0008050: GNUNET_STRINGS_parse_ipv6_policy: integer overflow

Description

This is in gnunet/src/lib/util/strings.c:

1474 unsigned int count;

1476 unsigned int len;

1491 len = strlen (routeListX);

len should be a size_t to prevent truncation here.

1495 count = 0;
1496 for (i = 0; i < len; i++)
1497 if (';' == routeList[i])
1498 count++;

count could be arbitrarily large here, up to and including 0xffffffff.

1508 result = GNUNET_malloc (sizeof(struct GNUNET_STRINGS_IPv6NetworkPolicy)
1509 * (count + 1));

Because count is an unsigned int, the multiplication cannot overflow, but the addition can, leading to a 0-byte allocation.
count should be a size_t and there should be integer overflow checking here.
Tags: No tags attached.
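
The arithmetic from the description, next to a checked variant, as an added example that is not part of the original report or of GNUnet's code. The `policy_entry` struct and its 40-byte size, the function names, and the sample string are assumptions made for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for struct GNUNET_STRINGS_IPv6NetworkPolicy; the 40-byte size is
   an assumption for this example, not taken from the GNUnet headers. */
struct policy_entry { unsigned char bytes[40]; };

/* Arithmetic as quoted in the report: "count + 1" is evaluated in unsigned
   int and only then widened for the multiplication by sizeof. */
static size_t alloc_size_as_reported (unsigned int count)
{
  return sizeof (struct policy_entry) * (count + 1);
}

/* Checked variant: size_t counter, reject a wrapping addition and a
   wrapping multiplication before computing the size. */
static int alloc_size_checked (size_t count, size_t *out)
{
  if (count == SIZE_MAX)
    return -1;
  if (count + 1 > SIZE_MAX / sizeof (struct policy_entry))
    return -1;
  *out = sizeof (struct policy_entry) * (count + 1);
  return 0;
}

/* Separator count with size_t length and counter, as the report suggests. */
static size_t count_entries (const char *route_list)
{
  size_t len = strlen (route_list);
  size_t count = 0;
  for (size_t i = 0; i < len; i++)
    if (';' == route_list[i])
      count++;
  return count;
}

int main (void)
{
  size_t n = 0;
  const char *sample = "entry1;entry2;"; /* constructed sample input */
  printf ("reported(UINT_MAX) = %zu\n", alloc_size_as_reported (UINT_MAX));
  printf ("checked(SIZE_MAX)  = %d\n", alloc_size_checked (SIZE_MAX, &n));
  if (0 == alloc_size_checked (count_entries (sample), &n))
    printf ("entries=%zu bytes=%zu\n", count_entries (sample), n);
  return 0;
}
```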

Activities

Christian Grothoff

2024-01-09 19:49

manager   ~0020853

Fix committed to master branch.

schanzen

2024-03-01 11:19

administrator   ~0021598

The fix causes tests in util to fail, and other places as well where this is parsed,
in particular test_regex in util for a simple case, but parsers in transport communicators also seem to be affected.

Christian Grothoff

2024-03-01 12:32

manager   ~0021601

Fixed regression in 505d22064..08c15135e

schanzen

2024-03-07 20:25

administrator   ~0021794

0.21 released

Related Changesets

gnunet: master 9746a780

2024-01-09 20:49

Christian Grothoff


fix 0008050 (plus more code cleanup)
Affected Issues: 0008050
mod - src/lib/util/strings.c

Issue History

Date Modified Username Field Change
2024-01-09 18:22 fefe New Issue
2024-01-09 19:49 Christian Grothoff Changeset attached => gnunet master 9746a780
2024-01-09 19:49 Christian Grothoff Note Added: 0020853
2024-01-09 19:49 Christian Grothoff Assigned To => Christian Grothoff
2024-01-09 19:49 Christian Grothoff Status new => resolved
2024-01-09 19:49 Christian Grothoff Resolution open => fixed
2024-01-09 20:10 Christian Grothoff Project Taler => GNUnet
2024-01-09 20:10 Christian Grothoff Category other => util library
2024-03-01 11:19 schanzen Status resolved => feedback
2024-03-01 11:19 schanzen Resolution fixed => reopened
2024-03-01 11:19 schanzen Note Added: 0021598
2024-03-01 12:32 Christian Grothoff Note Added: 0021601
2024-03-01 12:32 Christian Grothoff Status feedback => resolved
2024-03-01 12:32 Christian Grothoff Fixed in Version => 0.21.0
2024-03-07 20:25 schanzen Note Added: 0021794
2024-03-07 20:25 schanzen Status resolved => closed