fix CVE-2022-45188 #240

dgsga · 2023-03-26T13:23:12Z

This commit fixes the heap-based buffer overflow in afp_getappl()

rdmark · 2023-03-26T21:18:46Z

FYI I'm trying to figure out why Sonar scanning is failing.

Update: It's a Sonar permission issue.

Update 2: I've disabled Sonar scanning for PRs originating from forks. This is a github limitation / security measure.

dgsga · 2023-03-27T14:04:48Z

Just to double-check I setup SonarCloud on the prtest branch of my fork (which has the CVE fix applied) and it passes analysis.

rdmark · 2023-03-27T22:20:16Z

@dgsga Thank you for running the tests, and for preparing this patch in the first place!

May I ask you to squash your commits and force push to this PR, so that we get a clean commit log? I'm sure you're well familiar with git, but we have some advice in the FAQ here https://github.com/Netatalk/netatalk/wiki/Developer-Notes#user-content-FAQ

This commit fixes the heap-based buffer overflow in afp_getappl()

dgsga · 2023-03-28T08:06:34Z

Have rebased the prtest branch on my fork on upstream main so you should have the clean log now...

rdmark · 2023-03-28T16:47:36Z

Looks great. Merged. Thanks again for your contribution!

dgsga closed this Mar 26, 2023

dgsga deleted the prtest branch March 26, 2023 14:21

dgsga restored the prtest branch March 26, 2023 14:21

dgsga reopened this Mar 26, 2023

fix CVE-2022-45188

831b0da

This commit fixes the heap-based buffer overflow in afp_getappl()

rdmark merged commit dfab568 into Netatalk:main Mar 28, 2023
1 check passed

dgsga deleted the prtest branch March 28, 2023 18:56

Provide feedback