```c
int
localrpc_parse(int lev, unsigned char *base, unsigned char **buf, int *len,
               int rawxml, FILE *out)
{
    int typ, vallen, i;
    unsigned char *cp;
```

the typ, vallen and i want to be unsigned as well,
otherwise the memcpy() in the LRPC_FLATNAME will run amok

```c
iottlv_parse_sequence(int lev, unsigned char ctx, unsigned char *base,
                      unsigned char **buf, int *len, char *cur_tag,
                      int rawxml, FILE *out)
{
    int i, vallen;
```

vallen wants to be unsigned, better size_t ...
blacksheeep changed the title from "[Use CVE-2017-12465] iottlv_parse_sequence and localrpc_parse: integer overflow" to "[CVE-2017-12465] iottlv_parse_sequence and localrpc_parse: integer overflow" on Aug 7, 2017
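The signedness problem the report describes, as an added example that is not ccn-lite code: a length decoded into a signed `int` passes an upper-bound check when it is negative, while the same check on a `size_t` rejects it. The 4-byte length layout, the sample buffers and the function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed inputs: 4-byte big-endian length, then the value bytes.
 * This layout is an assumption for illustration, not ccn-lite's wire format. */
const unsigned char sample_ok[]  = { 0x00, 0x00, 0x00, 0x02, 'h', 'i' };
const unsigned char sample_bad[] = { 0xFF, 0xFF, 0xFF, 0xF0, 'A', 'B' };

static uint32_t read_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Signed pattern: returns 1 when the bounds check would let the copy go
 * ahead. No copy is performed here. */
int signed_check_accepts(const unsigned char *field, int remaining, int dstcap)
{
    int vallen = (int)read_be32(field); /* 0xFFFFFFF0 -> -16 on usual ABIs */
    if (vallen > remaining || vallen > dstcap)
        return 0;
    return 1; /* memcpy(dst, src, vallen) would see -16 as SIZE_MAX - 15 */
}

/* Unsigned pattern: returns the number of bytes copied, or -1 on reject. */
long copy_value(unsigned char *dst, size_t dstcap,
                const unsigned char *field, size_t remaining)
{
    if (remaining < 4)
        return -1;
    size_t vallen = read_be32(field);
    if (vallen > remaining - 4 || vallen > dstcap)
        return -1;
    memcpy(dst, field + 4, vallen);
    return (long)vallen;
}

int main(void)
{
    unsigned char dst[16];
    printf("signed check accepts bad length: %d\n",
           signed_check_accepts(sample_bad, 2, (int)sizeof dst));
    printf("unsigned copy, bad length: %ld\n",
           copy_value(dst, sizeof dst, sample_bad, sizeof sample_bad));
    printf("unsigned copy, good length: %ld\n",
           copy_value(dst, sizeof dst, sample_ok, sizeof sample_ok));
    return 0;
}
```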