rec: Backport of 12892 to rec-4.8.x: YaHTTP: Prevent integer overflow on very large chunks #13078

Merged


omoerbeek
Member

If the chunk_size is very close to the maximum value of an integer, we trigger an integer overflow when checking if we have a trailing newline after the payload.
Reported by OSS-Fuzz as:
https://oss-fuzz.com/testcase-detail/6439610474692608
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56804

(cherry picked from commit b602982)

Backport of #12892

Short description

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)
  • checked that this code was merged to master
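
The overflow class described in the PR, as an added example that is not PowerDNS or YaHTTP code: a chunk-framing check that bounds `chunk_size` before any arithmetic on it. All names are hypothetical, accepting either LF or CRLF as the trailing newline is an assumption, and the block goes slightly beyond the PR text by also parsing the hexadecimal size field without wrapping.

```cpp
#include <climits>
#include <cstddef>
#include <string>

// Added illustration; names are hypothetical and are not YaHTTP's API.
enum class Chunk { NeedMore, Complete, Malformed, TooLarge };

// Parse a hexadecimal chunk-size field into a non-negative int,
// refusing any value that would not fit instead of letting it wrap.
bool parseChunkSize(const std::string& hex, int& out)
{
  if (hex.empty()) return false;
  int value = 0;
  for (char c : hex) {
    int digit;
    if (c >= '0' && c <= '9') digit = c - '0';
    else if (c >= 'a' && c <= 'f') digit = c - 'a' + 10;
    else if (c >= 'A' && c <= 'F') digit = c - 'A' + 10;
    else return false;
    if (value > (INT_MAX - digit) / 16) return false; // value*16+digit would overflow
    value = value * 16 + digit;
  }
  out = value;
  return true;
}

// Does `buf` hold chunk_size payload bytes followed by LF or CRLF (assumed framing)?
// On Complete, `consumed` is the payload length plus its line terminator.
Chunk checkChunk(const std::string& buf, int chunk_size, std::size_t& consumed)
{
  if (chunk_size < 0) return Chunk::Malformed;
  // Overflow-prone form: `buf.size() < chunk_size + 2` evaluates chunk_size + 2
  // in int first, which is undefined once chunk_size > INT_MAX - 2.
  // Bound the size before any arithmetic, then widen to size_t.
  if (chunk_size > INT_MAX - 2) return Chunk::TooLarge;
  const std::size_t n = static_cast<std::size_t>(chunk_size);
  if (buf.size() < n + 1) return Chunk::NeedMore;
  if (buf[n] == '\n') { consumed = n + 1; return Chunk::Complete; }
  if (buf[n] != '\r') return Chunk::Malformed;
  if (buf.size() < n + 2) return Chunk::NeedMore;
  if (buf[n + 1] != '\n') return Chunk::Malformed;
  consumed = n + 2;
  return Chunk::Complete;
}
```
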

@omoerbeek omoerbeek added the rec label Jul 26, 2023
@omoerbeek omoerbeek added this to the rec-4.8.x milestone Jul 26, 2023
@omoerbeek omoerbeek changed the title rec: backport of 12892 to rec-4.8.x: YaHTTP: Prevent integer overflow on very large chunks rec: Backport of 12892 to rec-4.8.x: YaHTTP: Prevent integer overflow on very large chunks Jul 26, 2023
@omoerbeek
Member Author

Failing tests are fixed by #13056 which was merged.

@omoerbeek omoerbeek merged commit bc2ef65 into PowerDNS:rel/rec-4.8.x Jul 31, 2023
44 of 47 checks passed
@omoerbeek omoerbeek deleted the backport-12892-to-rec-4.8.x branch July 31, 2023 19:21