Fix MemIOCallback buffer overflows #148
If the addition of 2 positive values is smaller than one of the values then we have an overflowing addition. In this case that means we are trying to read more data than is actually in our buffer. So we can use the same mechanism as reading too much data.
If the addition of 2 positive values is smaller than one of the values then we have an overflowing addition. In this case we will not be able to allocate that much, just return a size written as 0.
Poke @mbunkus
Given that all variables in that addition are unsigned, testing for overflow like this is OK. Looks good to me. I've also tested it by cherry-picking both commits on top of the You can merge this. Please also cherry-pick & merge both commits onto the
Hi, do you plan to request CVEs for these bugs? They look security-relevant
Yes, they're security relevant. Personally I'm not interested in dealing with the bureaucracy of CVE. If Steve wants to handle it, he can, of course; or if anyone else does, go ahead.
Steve let me know if you'll go on with the process, otherwise I can take care of it.
Same here. I'd rather not deal with the CVE process.
I just requested a CVE. I'll post it here for documentation purposes once it's assigned.
FWIW, this is CVE-2023-52339.
Fixes #147
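The wraparound test described in the two commit messages above, shown as an added example that is not libebml's code or part of this pull request. `MemBuf`, its fields and the two `demo_*` functions are hypothetical names, and the inputs are constructed.

```cpp
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <limits>
// Hypothetical in-memory I/O buffer for illustration (not libebml's MemIOCallback).
struct MemBuf {
    uint8_t *data = nullptr;
    uint64_t pos = 0;   // current read/write offset
    uint64_t size = 0;  // number of valid bytes in data
    ~MemBuf() { std::free(data); }
    // A wrapped pos+len is handled like any other read past the end: clamp it.
    size_t read(void *out, size_t len) {
        if (pos >= size) return 0;
        uint64_t end = pos + len;              // unsigned, wraps modulo 2^64
        if (end < pos || end > size)           // sum wrapped, or exceeds the data
            len = static_cast<size_t>(size - pos);
        std::memcpy(out, data + pos, len);
        pos += len;
        return len;
    }

    // A wrapped pos+len can never be allocated: report 0 bytes written.
    size_t write(const void *in, size_t len) {
        uint64_t end = pos + len;
        if (end < pos) return 0;
        if (end > size) {
            void *p = std::realloc(data, static_cast<size_t>(end));
            if (!p) return 0;
            data = static_cast<uint8_t *>(p);
            size = end;
        }
        std::memcpy(data + pos, in, len);
        pos = end;
        return len;
    }
};

// Constructed case: 4 bytes stored, read from offset 1 with a length that wraps.
size_t demo_wrapped_read() {
    MemBuf b; b.write("abcd", 4); b.pos = 1;
    char out[4];
    return b.read(out, std::numeric_limits<size_t>::max());
}

// Constructed case: offset near 2^64, so pos+len wraps to a small value.
size_t demo_wrapped_write() {
    MemBuf b; b.pos = std::numeric_limits<uint64_t>::max() - 1;
    return b.write("abcd", 4);
}
```

The comparison `end < pos` is only valid because both operands are unsigned, as the review comment points out; with signed types the overflow itself would be undefined behaviour.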