View Issue Details

IDProjectCategoryView StatusLast Update
0009302GNUnetutil librarypublic2024-10-29 20:56
Reporterfefe Assigned Toschanzen  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Target Version0.22.2Fixed in Version0.22.2 
Summary0009302: GNUNET_CRYPTO_hash_file: buffer overflow
Description168 struct GNUNET_CRYPTO_FileHashContext * 169 GNUNET_CRYPTO_hash_file (enum GNUNET_SCHEDULER_Priority priority,
170 const char *filename,
171 size_t blocksize,
172 GNUNET_CRYPTO_HashCompletedCallback callback,
173 void *callback_cls)
174 {
175 struct GNUNET_CRYPTO_FileHashContext *fhc;
176
177 GNUNET_assert (blocksize > 0);
178 fhc =
179 GNUNET_malloc (sizeof(struct GNUNET_CRYPTO_FileHashContext) + blocksize);

This needs an overflow check. blocksize comes in as function argument and the caller might have been tricked.
TagsNo tags attached.

Activities

schanzen

2024-10-29 13:00

administrator   ~0023612

Fix committed to master branch.

schanzen

2024-10-29 20:56

administrator   ~0023625

Released

Related Changesets

gnunet: master 663478b6

2024-10-29 13:59

schanzen


Details Diff
util: Add overflow check to GNUNET_CRYPTO_FileHashContext. Fixes 0009302 Affected Issues
0009302
mod - src/lib/util/crypto_hash_file.c Diff File

Issue History

Date Modified Username Field Change
2024-10-28 13:54 fefe New Issue
2024-10-29 13:00 schanzen Changeset attached => gnunet master 663478b6
2024-10-29 13:00 schanzen Note Added: 0023612
2024-10-29 13:00 schanzen Assigned To => schanzen
2024-10-29 13:00 schanzen Status new => resolved
2024-10-29 13:00 schanzen Resolution open => fixed
2024-10-29 13:00 schanzen Fixed in Version => 0.22.2
2024-10-29 13:00 schanzen Target Version => 0.22.2
2024-10-29 20:56 schanzen Note Added: 0023625
2024-10-29 20:56 schanzen Status resolved => closed