Closed
Description
The fixes for #247 are incomplete, as I explained in:
https://www.openwall.com/lists/oss-security/2018/12/10/8
"Upstream's fix appears to be to add casts to (uint64_t) before adding 1 in those many malloc() calls. On platforms with larger than 32-bit size_t, this should be sufficient against integer overflows since the sizes are read from 32-bit protocol fields, but it isn't sufficient to prevent maliciously large memory allocation on the client by a rogue server. On a platform with 32-bit size_t, this isn't even sufficient to prevent the integer overflows."
Edit: I've just realized the fixes were the issue reporter's, and were merely accepted upstream. But that doesn't change anything with respect to the project needing even further fixes.
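Added example, not code from this issue or from the project: a C model of the three states of the pattern quoted above, the original `malloc(len + 1)` on a 32-bit size_t, the `(uint64_t)` cast, and a bounded version that also stops a rogue server from forcing a huge client-side allocation. The message layout (4-byte big-endian length followed by the bytes), the 16 MiB cap, and the sample messages are all assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Read a 32-bit big-endian length the way a client reads a protocol size field. */
static uint32_t read_u32be(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* 1. The original pattern, malloc(len + 1), computed in 32-bit arithmetic to model a
 *    platform whose size_t is 32 bits. A length of 0xFFFFFFFF wraps to 0, so malloc(0)
 *    succeeds and the subsequent copy of len bytes overruns the heap block. */
static uint32_t size_original_32bit(uint32_t len) {
    return len + 1;
}

/* 2. The upstream-style fix: widen before adding. With a 64-bit size_t the result fits. */
static uint64_t size_with_cast(uint32_t len) {
    return (uint64_t)len + 1;
}

/* ...but on a platform with a 32-bit size_t the uint64_t argument is converted to size_t
 * at the malloc() call, i.e. reduced modulo 2^32, which brings the wrap straight back. */
static uint32_t as_32bit_size_t(uint64_t n) {
    return (uint32_t)n;
}

/* 3. Hardened: cap the length before doing any arithmetic. The cap is an assumption for
 *    this example; the right value is whatever the protocol actually needs. Below the cap,
 *    (size_t)len + 1 cannot overflow on any platform with a 32-bit or wider size_t, and a
 *    rogue server can no longer force a multi-gigabyte allocation on the client. */
#define MAX_FIELD_LEN (16u * 1024u * 1024u)   /* 16 MiB, assumed */

static bool checked_alloc_size(uint32_t len, size_t *out) {
    if (len > MAX_FIELD_LEN) return false;
    *out = (size_t)len + 1;
    return true;
}

/* Convenience wrapper: the allocation size the checked path would use, or 0 if rejected. */
static size_t checked_alloc_size_or_zero(uint32_t len) {
    size_t n;
    return checked_alloc_size(len, &n) ? n : 0;
}

/* Parse one length-prefixed string field from a message and return a NUL-terminated
 * copy, or NULL if the length is rejected or not backed by bytes in the buffer. */
static char *parse_field(const uint8_t *msg, size_t msglen) {
    if (msglen < 4) return NULL;
    uint32_t len = read_u32be(msg);
    size_t need;
    if (!checked_alloc_size(len, &need)) return NULL;
    if ((size_t)len > msglen - 4) return NULL;   /* declared length exceeds payload */
    char *s = malloc(need);
    if (s == NULL) return NULL;
    memcpy(s, msg + 4, len);
    s[len] = '\0';
    return s;
}

/* Length of the parsed field, or -1 if parse_field() rejected the message. */
static int parse_field_len(const uint8_t *msg, size_t msglen) {
    char *s = parse_field(msg, msglen);
    if (s == NULL) return -1;
    int n = (int)strlen(s);
    free(s);
    return n;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t MSG_GOOD[]      = { 0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t MSG_WRAP[]      = { 0xFF, 0xFF, 0xFF, 0xFF, 'x', 'x', 'x', 'x' };
static const uint8_t MSG_HUGE[]      = { 0x40, 0, 0, 0, 'x' };         /* 1 GiB declared */
static const uint8_t MSG_TRUNCATED[] = { 0, 0, 0, 10, 'a', 'b' };      /* length > payload */

/* Stand-alone run: exit status 0 when the three claims above hold on the sample input. */
int main(void) {
    return (size_original_32bit(0xFFFFFFFFu) == 0 &&
            as_32bit_size_t(size_with_cast(0xFFFFFFFFu)) == 0 &&
            checked_alloc_size_or_zero(0xFFFFFFFFu) == 0 &&
            parse_field_len(MSG_GOOD, sizeof MSG_GOOD) == 5) ? 0 : 1;
}
```

The cap is the part the cast alone does not give you: even where the widened addition is exact, a server that sends 0xFFFFFFFF still gets the client to attempt a 4 GiB allocation, so the bound has to come from what the protocol legitimately needs, checked before the arithmetic rather than after it.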
Metadata
Labels
No labels