View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0009321 | GNUnet | util library | public | 2024-11-04 16:45 | 2024-11-14 09:43 |
Reporter | fefe | Assigned To | schanzen | ||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | resolved | Resolution | fixed | ||
Target Version | 0.23.0 | ||||
Summary | 0009321: GNUNET_DNSPARSER_duplicate_cert_record uses strdup instead of memdup | ||||
Description | 882 struct GNUNET_DNSPARSER_CertRecord * 883 GNUNET_DNSPARSER_duplicate_cert_record ( 884 const struct GNUNET_DNSPARSER_CertRecord *r) 885 { 886 struct GNUNET_DNSPARSER_CertRecord *dup = GNUNET_memdup (r, sizeof(*r)); 887 888 dup->certificate_data = GNUNET_strdup (r->certificate_data); 889 return dup; 890 } This looks wrong because here's where certificate_data came from: 601 cert->certificate_size = udp_payload_length - (*off); 602 cert->certificate_data = GNUNET_malloc (cert->certificate_size); 603 GNUNET_memcpy (cert->certificate_data, 604 &udp_payload[*off], 605 cert->certificate_size); Using strdup assumes there is a 0 terminator, which nobody guaranteed. It could run off the end of the buffer, which we happen to know the size of. We should use it. | ||||
Tags | No tags attached. | ||||
Date Modified | Username | Field | Change |
---|---|---|---|
2024-11-04 16:45 | fefe | New Issue | |
2024-11-04 19:26 | schanzen | Changeset attached | => gnunet master e014f5f5 |
2024-11-04 19:26 | schanzen | Note Added: 0023659 | |
2024-11-04 19:26 | schanzen | Assigned To | => schanzen |
2024-11-04 19:26 | schanzen | Status | new => resolved |
2024-11-04 19:26 | schanzen | Resolution | open => fixed |
2024-11-04 19:26 | schanzen | Target Version | => 0.22.3 |
2024-11-14 09:43 | schanzen | Target Version | 0.22.3 => 0.23.0 |