View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0008051 | GNUnet | util library | public | 2024-01-09 18:33 | 2024-03-07 20:26 |
Reporter | fefe | Assigned To | Christian Grothoff | ||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | closed | Resolution | fixed | ||
Fixed in Version | 0.21.0 | ||||
Summary | 0008051: GNUNET_STRINGS_base64_encode: integer overflow | ||||
Description | This is in gnunet/src/lib/util/strings.c:

```
1607 size_t
1608 GNUNET_STRINGS_base64_encode (const void *in,
1609                               size_t len,
1610                               char **output)
1611 {
1612   const unsigned char *data = in;
1613   size_t ret;
1614   char *opt;
1615
1616   ret = 0;
1617   GNUNET_assert (len < SIZE_MAX / 4 * 3);
1618   opt = GNUNET_malloc (2 + (len * 4 / 3) + 8);
```

The maximum value of len that passes through line 1617 is 0xbffffffd (using 32-bit for illustration). That causes an overflow in line 1618 when multiplying by 4. The maximum value that will not cause overflow (and then memory corruption) is SIZE_MAX / 4. | ||||
Tags | No tags attached. | ||||
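The arithmetic in the report can be checked with a small program. This is an added example, not GNUnet's code and not the fix from the attached changeset; it models a 32-bit `size_t` with `uint32_t`, and the helper names (`reported_guard`, `reported_size`, `exact_size`, `checked_size`) are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: a 32-bit size_t, modelled with uint32_t as in the report. */
#define SIZE32_MAX UINT32_MAX

/* Guard quoted at line 1617: len < SIZE_MAX / 4 * 3 */
static bool reported_guard(uint32_t len)
{
  return len < SIZE32_MAX / 4 * 3;
}

/* Size expression quoted at line 1618, evaluated in 32 bits (may wrap). */
static uint32_t reported_size(uint32_t len)
{
  return (uint32_t) (2u + ((uint32_t) (len * 4u) / 3u) + 8u);
}

/* Same expression in 64 bits: the buffer size the encoder really needs. */
static uint64_t exact_size(uint32_t len)
{
  return 2u + ((uint64_t) len * 4u / 3u) + 8u;
}

/* Checked variant: refuse any len for which len * 4 would wrap,
   using the SIZE_MAX / 4 bound named in the report. */
static bool checked_size(uint32_t len, uint32_t *out)
{
  if (len > SIZE32_MAX / 4)
    return false;
  *out = 2u + (len * 4u / 3u) + 8u;
  return true;
}

int main(void)
{
  /* Constructed inputs: the largest safe len and the first one that wraps. */
  const uint32_t samples[] = { 0x3fffffffu, 0x40000000u };
  for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
    uint32_t len = samples[i], safe = 0;
    bool ok = checked_size(len, &safe);
    printf("len=0x%08x guard=%d alloc32=%u needed=%llu checked=%s\n",
           (unsigned) len, reported_guard(len), (unsigned) reported_size(len),
           (unsigned long long) exact_size(len), ok ? "ok" : "rejected");
  }
  return 0;
}
```

For `len = 0x40000000` the quoted guard passes while the 32-bit allocation size collapses to 10 bytes, far below the size the encoder would go on to write.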
Date Modified | Username | Field | Change |
---|---|---|---|
2024-01-09 18:33 | fefe | New Issue | |
2024-01-09 19:38 | Christian Grothoff | Changeset attached | => gnunet master 9ef19ec6 |
2024-01-09 19:38 | Christian Grothoff | Note Added: 0020852 | |
2024-01-09 19:38 | Christian Grothoff | Assigned To | => Christian Grothoff |
2024-01-09 19:38 | Christian Grothoff | Status | new => resolved |
2024-01-09 19:38 | Christian Grothoff | Resolution | open => fixed |
2024-01-09 20:10 | Christian Grothoff | Project | Taler => GNUnet |
2024-01-09 20:10 | Christian Grothoff | Category | other => util library |
2024-03-07 20:26 | schanzen | Fixed in Version | => 0.21.0 |
2024-03-07 20:26 | schanzen | Note Added: 0021796 | |
2024-03-07 20:26 | schanzen | Status | resolved => closed |