The function `ccnl_prefix_to_str_detailed` can cause a buffer overflow when writing a prefix to the buffer `buf`. The maximum size of the prefix is `CCNL_MAX_PREFIX_SIZE` and the size of the buffer is `CCNL_MAX_PREFIX_SIZE`.
However, if NFN is enabled, additional characters are written to the buffer (e.g. the "NFN" and the "R2C" tags). Therefore, sending an NFN-R2C packet with a prefix with the size of `CCNL_MAX_PREFIX_SIZE` can cause an overflow of `buf` inside `ccnl_prefix_to_str_detailed`.
blacksheeep changed the title from "ccnl_prefix_to_str_detailed can overrun when using NFN" to "[CVE-2018-6948] ccnl_prefix_to_str_detailed can overrun when using NFN" on Feb 13, 2018
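The sizing problem described in this issue, shown as an added example that is not CCN-lite's code or the project's fix: a formatter that routes every write, including the extra tags, through one remaining-space check and reports failure instead of overrunning. `PREFIX_BUF_SIZE`, `append_bounded`, `prefix_to_str_bounded` and the `/R2C` and `/NFN` output format are hypothetical stand-ins chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PREFIX_BUF_SIZE 32  /* hypothetical stand-in for CCNL_MAX_PREFIX_SIZE */

/* Append src at *pos without ever writing past buf[cap-1].
 * Returns 0 on success, -1 (nothing written) if src plus NUL does not fit. */
static int append_bounded(char *buf, size_t cap, size_t *pos, const char *src)
{
    size_t n = strlen(src);
    if (*pos >= cap || n >= cap - *pos)
        return -1;
    memcpy(buf + *pos, src, n + 1);   /* n + 1 copies the terminating NUL */
    *pos += n;
    return 0;
}

/* Hypothetical, simplified formatter: "/comp/comp" plus optional tags.
 * Returns the string length, or -1 if the output would not fit in cap bytes. */
int prefix_to_str_bounded(char *buf, size_t cap, const char *const *comps,
                          size_t ncomps, int nfn, int r2c)
{
    size_t pos = 0;
    if (cap == 0) return -1;
    buf[0] = '\0';
    for (size_t i = 0; i < ncomps; i++) {
        if (append_bounded(buf, cap, &pos, "/") ||
            append_bounded(buf, cap, &pos, comps[i]))
            return -1;
    }
    /* The tags are output beyond the prefix itself, so they pass through
     * the same space check as every component. */
    if (r2c && append_bounded(buf, cap, &pos, "/R2C")) return -1;
    if (nfn && append_bounded(buf, cap, &pos, "/NFN")) return -1;
    return (int)pos;
}

int main(void)
{
    char buf[PREFIX_BUF_SIZE];
    /* Constructed samples: one 30-character component, and a short prefix. */
    const char *full[] = { "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" };
    const char *small[] = { "foo", "bar" };
    printf("%d\n", prefix_to_str_bounded(buf, sizeof buf, full, 1, 0, 0));
    printf("%d\n", prefix_to_str_bounded(buf, sizeof buf, full, 1, 1, 1));
    printf("%d\n", prefix_to_str_bounded(buf, sizeof buf, small, 2, 1, 1));
    return 0;
}
```

A prefix that exactly fills the buffer formats correctly without tags and is rejected once the tags are requested, which is the case the issue describes; the alternative remedy is to size the buffer for the prefix plus the longest possible tag suffix.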