Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

antelope,storage-cfs: Fix length of filename array #2425

Merged
merged 1 commit into from Apr 14, 2023

Conversation

szsam
Copy link
Contributor

@szsam szsam commented Apr 14, 2023

#define INDEX_NAME_SUFFIX ".idx"
#define INDEX_NAME_LENGTH (RELATION_NAME_LENGTH + \
sizeof(INDEX_NAME_SUFFIX) - 1)

The macro INDEX_NAME_LENGTH does not count the trailing null char.

@nvt nvt merged commit 6e21dd2 into contiki-ng:develop Apr 14, 2023
17 checks passed
@Machiry
Copy link

Machiry commented Apr 14, 2023

This looks like a off-by-one-byte error. Should there be a CVE for this? (@nvt)

@nvt
Copy link
Member

nvt commented Apr 14, 2023

@Machiry Yes, it might get a CVE, but it is difficult to exploit the bug without direct access to the DBMS; e.g., by being able to inject shell commands into the IoT node.

@Machiry
Copy link

Machiry commented Apr 14, 2023

I agree about the exploitability. But given that this is in a storage stack, it is better to have a CVE (may be a low-severity).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants