View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0009288 | GNUnet | util library | public | 2024-10-22 14:06 | 2024-10-29 20:56 |
| Reporter | fefe | Assigned To | schanzen | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | ||
| Target Version | 0.22.2 | Fixed in Version | 0.22.2 | ||
| Summary | 0009288: GNUNET_hex2b: buffer overflow | ||||
| Description | This function looks highly dangerous: 1525 size_t 1526 GNUNET_hex2b (const char *src, void *dst, size_t dstlen, int invert) 1527 { 1528 const char *line = src; 1529 const char *data = line; 1530 uint8_t *buf = dst; 1531 int off; 1532 int read_byte; 1533 int data_len = 0; 1534 1535 while (sscanf (data, " %02x%n", &read_byte, &off) == 1) 1536 { 1537 if (invert) 1538 buf[dstlen - 1 - data_len++] = read_byte; 1539 else 1540 buf[data_len++] = read_byte; 1541 data += off; 1542 } 1543 return data_len; 1544 } Note how dstlen is not used to limit how many decoded bytes are written. | ||||
| Tags | No tags attached. | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-10-22 14:06 | fefe | New Issue | |
| 2024-10-23 13:17 | schanzen | Assigned To | => schanzen |
| 2024-10-23 13:17 | schanzen | Status | new => assigned |
| 2024-10-23 13:19 | schanzen | Target Version | => 0.22.2 |
| 2024-10-23 13:25 | schanzen | Changeset attached | => gnunet master 0a88f99b |
| 2024-10-23 13:25 | schanzen | Note Added: 0023570 | |
| 2024-10-23 13:25 | schanzen | Status | assigned => resolved |
| 2024-10-23 13:25 | schanzen | Resolution | open => fixed |
| 2024-10-24 11:54 | schanzen | Fixed in Version | => 0.22.2 |
| 2024-10-29 20:56 | schanzen | Note Added: 0023633 | |
| 2024-10-29 20:56 | schanzen | Status | resolved => closed |
