potential off by one in parse_arguments #1799

Closed
tinselcity opened this issue Jun 6, 2018 · 1 comment
@tinselcity

In parse_arguments, in the length check here:

            while ((s[i] != '=') && (s[i] != argument_separator) && (i < inputlength)) {

The bounds checking happens after the deref s[i], so if i == inputlength the deref on the buffer in s will run off the end before the bounds check (i < inputlength).
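The operand order reported above, as an added example that is not part of the original post or of ModSecurity's code: the same loop condition with the dereference first and with the bounds check first. The function names and the counting helper `read_at` are hypothetical; the helper stands in for `s[i]` and counts reads at or past `inputlength` instead of performing them. Putting the bounds check first is one common remedy and is not necessarily what the referenced commit changed.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in for s[i]: a read at i >= len is counted instead of performed,
 * so the demonstration never touches memory outside the buffer. */
static char read_at(const char *s, size_t i, size_t len, int *oob_reads)
{
    if (i >= len) {
        (*oob_reads)++;
        return '\0';
    }
    return s[i];
}

/* Operand order from the issue: both s[i] reads come before (i < inputlength). */
size_t scan_deref_first(const char *s, size_t inputlength, char sep, int *oob_reads)
{
    size_t i = 0;
    while ((read_at(s, i, inputlength, oob_reads) != '=')
           && (read_at(s, i, inputlength, oob_reads) != sep)
           && (i < inputlength)) {
        i++;
    }
    return i;
}

/* Bounds check first: && short-circuits, so s[i] is not evaluated once i == inputlength. */
size_t scan_check_first(const char *s, size_t inputlength, char sep, int *oob_reads)
{
    size_t i = 0;
    while ((i < inputlength)
           && (read_at(s, i, inputlength, oob_reads) != '=')
           && (read_at(s, i, inputlength, oob_reads) != sep)) {
        i++;
    }
    return i;
}

int main(void)
{
    /* Constructed input: a parameter name with no '=' or separator, not NUL-terminated. */
    const char name_only[3] = { 'a', 'b', 'c' };
    int oob_a = 0, oob_b = 0;
    size_t a = scan_deref_first(name_only, sizeof name_only, '&', &oob_a);
    size_t b = scan_check_first(name_only, sizeof name_only, '&', &oob_b);
    printf("deref first: i=%zu, reads past end=%d\n", a, oob_a);
    printf("check first: i=%zu, reads past end=%d\n", b, oob_b);
    return 0;
}
```

Both orderings stop at the same index; they differ only in whether the byte at `s[inputlength]` is read on the final iteration, which happens when the input contains neither `=` nor the separator.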

@zimmerle zimmerle self-assigned this Jun 6, 2018
zimmerle pushed a commit that referenced this issue Sep 5, 2018
@zimmerle
Contributor

zimmerle commented Sep 5, 2018

Thanks @tinselcity.

Fixed as of: 89f5427

@zimmerle zimmerle closed this as completed Sep 5, 2018
@zimmerle zimmerle added the 2.x Related to ModSecurity version 2.x label Sep 5, 2018