heap buffer overflow in dcputs #80
In the latest version of libming, a heap buffer overflow was found in the function dcputs.
Testcase: https://github.com/bestshow/p0cs/blob/master/heap-buffer-overflow-in_dcputs
Hum, in fact the problem is still here.
First thing I noticed after some debugging in
This should be easy to fix, something like
I'll submit a PR once we're done with #94. I'll also have to make sure it's enough to fix the CVE.
Oh, right, here is another issue:
This issue is much trickier to fix because it may involve some non-trivial code refactoring.
referenced this issue
Dec 5, 2017
I have pull requested a fix for the first issue mentioned here. Even if I wasn't completely wrong, the first explanation/fix I provided here wasn't completely right and I had to investigate this issue further.
You'll find more detailed explanations in #96.
Concerning the second issue: Nothing critical, and IMO it's a separate issue not related to CVE-2017-11732. I'll open a separate bug report and investigate it further.