Missing boundary check before sprintf in process_file function #8913
Comments
VINSERTF128
changed the title
|
Hi this is not a RT-Thread issue, this is from LWIP, please submit this request to LWIP community, thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Title
Missing boundary check before sprintf in process_file function
Severity
High
Difficulty
Low
Type
Security Issue
Target
components/net/lwip/lwip-2.0.3/src/apps/httpd/makefsdata/makefsdata.c
components/net/lwip/lwip-2.1.2/src/apps/http/makefsdata/makefsdata.c
Description
A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold, or when a program attempts to put data in a memory area outside of the boundaries of a buffer.
Location 1
A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold, or when a program attempts to put data in a memory area outside of the boundaries of a buffer.
rt-thread/components/net/lwip/lwip-2.0.3/src/apps/httpd/makefsdata/makefsdata.c
Line 728 in 7245dbd
Location 2
rt-thread/components/net/lwip/lwip-2.1.2/src/apps/http/makefsdata/makefsdata.c
Line 923 in 7245dbd
Exploit Scenario
Recommendations
A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold, or when a program attempts to put data in a memory area outside of the boundaries of a buffer.
Possible fix
use of snprintf in this specific case:
snprintf(qualifiedName, sizeof(qualifiedName), "%s/%s", curSubdir, filename);
Or update the lwip
Permalink:
rt-thread/components/net/lwip/lwip-2.0.3/src/apps/httpd/makefsdata/makefsdata.c
Line 728 in 7245dbd
rt-thread/components/net/lwip/lwip-2.1.2/src/apps/http/makefsdata/makefsdata.c
Line 923 in 7245dbd
If you think this is eligible I would like to apply for CVE-id recognition.
The text was updated successfully, but these errors were encountered: