Fix Antelope issues with memory checking #624

Merged
merged 4 commits into from Aug 28, 2018

@nvt (Member) commented Aug 20, 2018

Addresses the issues pointed out in #594, #595, #596, #597, #598, and #599.

The attack vector, as pointed out in the reports, is limited to when an attacker has access to insert DB queries directly, which should not be allowed for multiple reasons. Still, the reports will help remove some crashes on invalid input.

Next on the agenda is to create a new set of tests for storage (including tests for the aforementioned issues), but this will be addressed in a later PR.

Thanks to @cve-reporting for the report, and sorry for the late reply -- a long vacation just ended.

Fixes #594
Fixes #595
Fixes #596
Fixes #597
Fixes #598
Fixes #599

@nvt force-pushed the fix-antelope-issues branch 3 times, most recently from cd0fd0a to 6531d1a, August 27, 2018 13:53

@nfi merged commit 6ebdbf0 into contiki-ng:develop Aug 28, 2018

@simonduq added the pr/bugfix (used for PRs that fix a bug of any severity) and bug/vulnerability labels Oct 15, 2018

@nvt deleted the fix-antelope-issues branch January 8, 2019 13:10