New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix Antelope issues with memory checking #624

Merged
merged 4 commits into from Aug 28, 2018

Conversation

Projects
None yet
3 participants
@nvt
Member

nvt commented Aug 20, 2018

Addresses the issues pointed out in #594, #595, #596, #597, #598, and #599.

The attack vector, as pointed out in the reports, is limited to when an attacker has access to insert DB queries directly, which should not be allowed for multiple reasons. Still, the reports will help remove some crashes on invalid input.

Next on the agenda is to create a new set of tests for storage (including tests for the aforementioned issues), but this will be addressed in a later PR.

Thanks to @cve-reporting for the report, and sorry for the late reply -- a long vacation just ended.

Fixes #594
Fixes #595
Fixes #596
Fixes #597
Fixes #598
Fixes #599

@nvt nvt force-pushed the nvt:fix-antelope-issues branch 3 times, most recently from cd0fd0a to 6531d1a Aug 20, 2018

@nfi

nfi approved these changes Aug 27, 2018

@nvt nvt force-pushed the nvt:fix-antelope-issues branch from 91fde23 to 7860ca5 Aug 27, 2018

@nfi nfi merged commit 6ebdbf0 into contiki-ng:develop Aug 28, 2018

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment