View Issue Details

ID: 0009288
Project: GNUnet
Category: util library
View Status: public
Last Update: 2024-10-23 13:25
Reporter: fefe
Assigned To: schanzen
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Target Version: 0.22.2
Summary: 0009288: GNUNET_hex2b: buffer overflow

Description: This function looks highly dangerous:

  size_t
  GNUNET_hex2b (const char *src, void *dst, size_t dstlen, int invert)
  {
    const char *line = src;
    const char *data = line;
    uint8_t *buf = dst;
    int off;
    int read_byte;
    int data_len = 0;

    while (sscanf (data, " %02x%n", &read_byte, &off) == 1)
    {
      if (invert)
        buf[dstlen - 1 - data_len++] = read_byte;
      else
        buf[data_len++] = read_byte;
      data += off;
    }
    return data_len;
  }

Note how dstlen is not used to limit how many decoded bytes are written.
Tags: No tags attached.
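
A bounded variant of the decoder quoted above, as an added example (not code from the report and not the GNUnet fix in changeset 0a88f99b, whose diff is not shown on this page): it stops once dstlen bytes are stored, which also keeps the invert index dstlen - 1 - data_len from wrapping. The names hex2b_bounded and canary_intact_after_oversized_input and the sample input are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded variant: same sscanf-based parsing as the quoted
 * function, but a byte is stored only while data_len < dstlen. */
size_t
hex2b_bounded (const char *src, void *dst, size_t dstlen, int invert)
{
  const char *data = src;
  uint8_t *buf = dst;
  unsigned int read_byte;   /* %x stores through an unsigned int pointer */
  int off;
  size_t data_len = 0;      /* unsigned, compared directly against dstlen */

  while ((data_len < dstlen) &&
         (1 == sscanf (data, " %2x%n", &read_byte, &off)))
  {
    if (invert)
      buf[dstlen - 1 - data_len++] = (uint8_t) read_byte;
    else
      buf[data_len++] = (uint8_t) read_byte;
    data += off;
  }
  return data_len;
}

/* Constructed check: decode 6 encoded bytes into a 4-byte buffer that is
 * followed by a canary; returns 1 if the canary is untouched. */
int
canary_intact_after_oversized_input (int invert, size_t *written)
{
  struct { uint8_t out[4]; uint8_t canary[4]; } s;
  memset (s.out, 0, sizeof (s.out));
  memset (s.canary, 0xA5, sizeof (s.canary));
  *written = hex2b_bounded ("de ad be ef 01 02", s.out, sizeof (s.out), invert);
  for (size_t i = 0; i < sizeof (s.canary); i++)
    if (0xA5 != s.canary[i])
      return 0;
  return 1;
}

int main (void)
{
  size_t n;
  int ok = canary_intact_after_oversized_input (0, &n);
  printf ("wrote %zu bytes, canary %s\n", n, ok ? "intact" : "clobbered");
  return ok ? 0 : 1;
}
```

The return value alone does not show whether input was truncated; a caller that must reject oversized input has to check separately that no encoded bytes remain.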

Activities

schanzen

2024-10-23 13:25

administrator   ~0023570

Fix committed to master branch.

Related Changesets

gnunet: master 0a88f99b

2024-10-23 15:24

schanzen


util: Bounds checking for hex2b output. Fixes 0009288
Affected Issues: 0009288
mod - src/lib/util/common_logging.c

Issue History

Date Modified | Username | Field | Change
2024-10-22 14:06 | fefe | New Issue |
2024-10-23 13:17 | schanzen | Assigned To | => schanzen
2024-10-23 13:17 | schanzen | Status | new => assigned
2024-10-23 13:19 | schanzen | Target Version | => 0.22.2
2024-10-23 13:25 | schanzen | Changeset attached | => gnunet master 0a88f99b
2024-10-23 13:25 | schanzen | Note Added: 0023570 |
2024-10-23 13:25 | schanzen | Status | assigned => resolved
2024-10-23 13:25 | schanzen | Resolution | open => fixed