View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0008102 | Taler | exchange | public | 2024-01-18 13:15 | 2024-03-07 20:47 |
Reporter | fefe | Assigned To | Christian Grothoff | ||
Priority | normal | Severity | major | Reproducibility | have not tried |
Status | closed | Resolution | fixed | ||
Product Version | git (master) | ||||
Target Version | 0.9.4 | Fixed in Version | 0.9.4 | ||
Summary | 0008102: append_signature: buffer overflow | ||||
Description |

```
213 static void
214 append_signature (struct SignatureContext *sig_ctx,
215                   unsigned int group_offset,
216                   unsigned int offset,
217                   const struct TALER_MasterSignatureP *master_sig)
218 {
219   struct SignatureElement *element;
220   unsigned int new_size;
221
222   if (sig_ctx->elements_pos == sig_ctx->elements_size)
223   {
224     if (0 == sig_ctx->elements_size)
225       new_size = 1024;
226     else
227       new_size = sig_ctx->elements_size;
228     GNUNET_array_grow (sig_ctx->elements,
229                        sig_ctx->elements_size,
230                        new_size);
231   }
```

We enter the if statement if the array is full and we need to reallocate. But then we don't grow the size in line 227. The case probably never happened; 1024 signatures appear to be enough for the common case. But if someone needs more signatures, this array_grow becomes a no-op and we write out of bounds.

```
232   element = &sig_ctx->elements[sig_ctx->elements_pos++];
```
Tags | No tags attached. | ||||
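The growth pattern from the report, reduced to a stand-alone C example that is added here and is not code from Taler or from the reporter. It runs the reported sizing rule beside a corrected one and checks the result of growth before writing. `struct sig_ctx`, `next_size_reported`, `next_size_doubling`, `append` and `fill` are hypothetical names, `realloc` stands in for `GNUNET_array_grow`, and doubling is an assumed correction, not necessarily the fix that was committed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the SignatureContext in the report. */
struct sig_ctx {
  uint64_t *elements;          /* stand-in element type */
  unsigned int elements_pos;   /* next free slot */
  unsigned int elements_size;  /* allocated slots */
};
/* Sizing rule as reported: a full, non-empty array keeps its size. */
static unsigned int next_size_reported(unsigned int size) {
  return (0 == size) ? 1024 : size;
}
/* Assumed correction: double the capacity; 0 signals integer overflow. */
static unsigned int next_size_doubling(unsigned int size) {
  if (0 == size) return 1024;
  if (size > UINT_MAX / 2) return 0;
  return size * 2;
}
/* Append one value. Returns 0 on success, -1 if no room could be made.
 * The check on n turns a no-op growth into an error return instead of
 * an out-of-bounds write at elements[elements_pos]. */
static int append(struct sig_ctx *c, uint64_t v,
                  unsigned int (*policy)(unsigned int)) {
  if (c->elements_pos == c->elements_size) {
    unsigned int n = policy(c->elements_size);
    if (n <= c->elements_size) return -1;  /* did not grow, or overflowed */
    uint64_t *p = realloc(c->elements, (size_t) n * sizeof *p);
    if (NULL == p) return -1;
    c->elements = p;
    c->elements_size = n;
  }
  c->elements[c->elements_pos++] = v;
  return 0;
}
/* Try `want` appends under a sizing rule; return how many succeeded. */
static unsigned int fill(unsigned int want,
                         unsigned int (*policy)(unsigned int)) {
  struct sig_ctx c = {0};
  unsigned int done = 0;
  while (done < want && 0 == append(&c, done, policy)) done++;
  free(c.elements);
  return done;
}
int main(void) {
  printf("reported rule: %u of 3000 stored\n", fill(3000, next_size_reported));
  printf("doubling rule: %u of 3000 stored\n", fill(3000, next_size_doubling));
  return 0;
}
```

With the reported rule the 1025th append is refused here only because `append` verifies that the capacity actually increased; without that check the same call writes past the end of the allocation.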
Date Modified | Username | Field | Change |
---|---|---|---|
2024-01-18 13:15 | fefe | New Issue | |
2024-01-18 13:15 | fefe | Status | new => assigned |
2024-01-18 13:15 | fefe | Assigned To | => Christian Grothoff |
2024-01-18 13:23 | Christian Grothoff | Status | assigned => resolved |
2024-01-18 13:23 | Christian Grothoff | Resolution | open => fixed |
2024-01-18 13:23 | Christian Grothoff | Fixed in Version | => 0.9.4 |
2024-01-18 13:23 | Christian Grothoff | Severity | minor => major |
2024-01-18 13:23 | Christian Grothoff | Product Version | => git (master) |
2024-01-18 13:23 | Christian Grothoff | Target Version | => 0.9.4 |
2024-01-18 23:31 | Christian Grothoff | Relationship added | child of 0008112 |
2024-01-22 17:02 | Christian Grothoff | Status | resolved => assigned |
2024-01-22 17:02 | Christian Grothoff | Note Added: 0020958 | |
2024-01-22 17:03 | Christian Grothoff | Status | assigned => resolved |
2024-03-07 20:47 | Christian Grothoff | Status | resolved => closed |