[CVE-2017-12470] ndn_parse_sequence: integer overflow #136

Closed
blacksheeep opened this issue Aug 7, 2017 · 1 comment

@blacksheeep
Contributor

    static int
    ndn_parse_sequence(int lev, unsigned char *base, unsigned char **buf,
                       int *len, char *cur_tag, int rawxml, FILE *out)
    {
        int i, maxi, vallen;
        int typ;

typ should be unsigned, otherwise the check below fails:

    if (typ < NDN_TLV_MAX_TYPE && ndntlv_recurse[typ]) {
        *len -= vallen;

vallen wants to be unsigned as well, or better size_t

@blacksheeep
Contributor Author

fixed in ccnlv2-master
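
The signedness problem reported in this issue, shown as an added example that is not the project's code: the quoted comparison with a signed and an unsigned `typ`, and the `*len -= vallen` accounting with `int` versus a bounded `size_t`. The value of `NDN_TLV_MAX_TYPE`, the type and contents of `ndntlv_recurse`, and all helper names are assumptions made for the illustration.

```c
#include <stdio.h>

/* Constructed stand-ins: the real limit and table are defined by the project. */
#define NDN_TLV_MAX_TYPE 256
static const unsigned char ndntlv_recurse[NDN_TLV_MAX_TYPE] = { [5] = 1, [6] = 1 };

/* Bounds test as quoted in the issue: with a signed typ only the upper
 * bound is enforced, so every negative value is accepted as an index. */
static int in_range_signed(int typ)
{
    return typ < NDN_TLV_MAX_TYPE;
}

/* Same comparison, unsigned typ: a formerly negative value is now huge and fails. */
static int in_range_unsigned(unsigned int typ)
{
    return typ < NDN_TLV_MAX_TYPE;
}

/* Table lookup that is safe to index because typ is unsigned and bounded. */
static int should_recurse(unsigned int typ)
{
    return in_range_unsigned(typ) && ndntlv_recurse[typ];
}

/* "*len -= vallen" with signed operands: a negative vallen makes the
 * remaining length grow instead of shrink. */
static int remaining_signed(int len, int vallen)
{
    return len - vallen;
}

/* size_t accounting with an explicit bound: returns 0 and updates *len,
 * or -1 (leaving *len untouched) when the value would overrun the buffer. */
static int consume(size_t *len, size_t vallen)
{
    if (vallen > *len)
        return -1;
    *len -= vallen;
    return 0;
}

int main(void)
{
    size_t len = 10;
    printf("typ=-1 signed:%d unsigned:%d\n", in_range_signed(-1), in_range_unsigned((unsigned int)-1));
    printf("len after -4: %d, consume(12): %d\n", remaining_signed(10, -4), consume(&len, 12));
    return should_recurse(5) ? 0 : 1;
}
```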
