Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[CVE-2017-12465] iottlv_parse_sequence and localrpc_parse: integer overflow #131

Closed
blacksheeep opened this issue Aug 7, 2017 · 1 comment
Assignees

Comments

@blacksheeep
Copy link
Contributor

int
localrpc_parse(int lev, unsigned char *base, unsigned char **buf, int len,
int rawxml, FILE
out)
{
int typ, vallen, i;
unsigned char *cp;

the typ, vallen and i want to be unsigned as well,
otherwise the memcpy() in the LRPC_FLATNAME will run amok


iottlv_parse_sequence(int lev, unsigned char ctx, unsigned char *base,
unsigned char **buf, int *len, char cur_tag,
int rawxml, FILE
out)
{
int i, vallen;

vallen wants to be unsigned, better size_t ...

@blacksheeep blacksheeep added the bug label Aug 7, 2017
@blacksheeep blacksheeep self-assigned this Aug 7, 2017
@blacksheeep
Copy link
Contributor Author

fixed in ccnlv2-master

@blacksheeep blacksheeep changed the title [Use CVE-2017-12465] iottlv_parse_sequence and localrpc_parse: integer overflow [CVE-2017-12465] iottlv_parse_sequence and localrpc_parse: integer overflow Aug 7, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant