[CVE-2018-6948] ccnl_prefix_to_str_detailed can overrun when using NFN #193

Closed
blacksheeep opened this issue Feb 13, 2018 · 2 comments

blacksheeep commented Feb 13, 2018

The function `ccnl_prefix_to_str_detailed` can cause a buffer overflow when writing a prefix to the buffer `buf`. The maximum size of the prefix is `CCNL_MAX_PREFIX_SIZE` and the size of the buffer is `CCNL_MAX_PREFIX_SIZE`.

However, if NFN is enabled, additional characters are written to the buffer (e.g. the "NFN" and the "R2C" tags). Therefore, sending an NFN-R2C packet with a prefix with the size of `CCNL_MAX_PREFIX_SIZE` can cause an overflow of `buf` inside `ccnl_prefix_to_str_detailed`.


mfrey commented Feb 13, 2018

I've edited your comment and set parts which referred to code in backticks. Also, a fix for this bug should make use of `snprintf` over `sprintf`.

@blacksheeep changed the title from "ccnl_prefix_to_str_detailed can overrun when using NFN" to "[CVE-2018-6948] ccnl_prefix_to_str_detailed can overrun when using NFN" on Feb 13, 2018
@blacksheeep

Fixed
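
An added example, not part of the thread and not ccn-lite's code: a bounded formatter in the `snprintf` style suggested above, showing that a name which fills the buffer by itself no longer fits once a tag is appended. All `demo_`/`DEMO_` names, the buffer size of 32 and the tag strings `/NFN` and `/R2C` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DEMO_MAX_PREFIX_SIZE 32 /* constructed; stands in for CCNL_MAX_PREFIX_SIZE */
#define DEMO_FLAG_NFN 0x1       /* hypothetical flags; tag strings below are assumed */
#define DEMO_FLAG_R2C 0x2

/* Append s at buf[*off] without writing past buf[size - 1].
 * Returns 0 on success, -1 if s would not fit. */
static int demo_append(char *buf, size_t size, size_t *off, const char *s)
{
    int n = snprintf(buf + *off, size - *off, "%s", s);
    if (n < 0 || (size_t)n >= size - *off)
        return -1; /* snprintf returns the untruncated length */
    *off += (size_t)n;
    return 0;
}

/* Returns the length written, or -1 if name plus tags do not fit in size bytes. */
int demo_prefix_to_str(const char *name, int flags, char *buf, size_t size)
{
    size_t off = 0;
    if (size == 0)
        return -1;
    if (demo_append(buf, size, &off, name) < 0 ||
        ((flags & DEMO_FLAG_NFN) && demo_append(buf, size, &off, "/NFN") < 0) ||
        ((flags & DEMO_FLAG_R2C) && demo_append(buf, size, &off, "/R2C") < 0)) {
        buf[0] = '\0'; /* do not hand back a truncated name */
        return -1;
    }
    return (int)off;
}

/* Format the longest name that fits a DEMO_MAX_PREFIX_SIZE buffer on its own. */
int demo_format_max_name(int flags)
{
    char name[DEMO_MAX_PREFIX_SIZE], buf[DEMO_MAX_PREFIX_SIZE];
    memset(name, 'a', sizeof name - 1);
    name[sizeof name - 1] = '\0';
    return demo_prefix_to_str(name, flags, buf, sizeof buf);
}

int main(void)
{
    printf("no tags: %d\n", demo_format_max_name(0));
    printf("NFN tag: %d\n", demo_format_max_name(DEMO_FLAG_NFN));
    return 0;
}
```

The caller has to treat `-1` as an error instead of using the buffer; sizing the buffer for the name plus the longest tag suffix removes the failure case entirely.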
