Incorrect integer handling CVE-2016-6252 #27
Comments
|
However, using strtoul() in the fix does not really make a difference:
|
Hi, I'm not sure the testcase here means the fix won't work though. If you then check whether i < 100, you'll find that it isn't, meaning that verify_ranges() ought to do the right thing. It might be worth adding a "mapping->lower + mapping->count > mapping->lower" check.
|
I just wanted to show that strtoul() does not handle negative numbers as one (or at least I) would expect. The rest of the fix can still be good.
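The two points raised in the comments above (strtoul() accepting a negative string, and the suggested wrap check on lower + count), as an added C example that is not part of the thread or the project's code. The names raw_parse, parse_id and range_ok are hypothetical.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Plain strtoul(): "-1" is accepted and negated in unsigned arithmetic,
 * so the call succeeds and returns ULONG_MAX with errno left at 0. */
unsigned long raw_parse(const char *s, int *err)
{
    errno = 0;
    unsigned long v = strtoul(s, NULL, 10);
    *err = errno;
    return v;
}

/* Hypothetical strict parser: first character must be a digit, the whole
 * string must be consumed, and the value must fit in unsigned long. */
bool parse_id(const char *s, unsigned long *out)
{
    char *end;
    if (!isdigit((unsigned char)s[0]))   /* rejects "-1", "+1", " 1", "" */
        return false;
    errno = 0;
    *out = strtoul(s, &end, 10);
    return errno == 0 && *end == '\0';
}

/* The check suggested in the thread: lower + count must not wrap.
 * It also rejects count == 0, since lower > lower is false. */
bool range_ok(unsigned long lower, unsigned long count)
{
    return lower + count > lower;
}

int main(void)
{
    int err;
    unsigned long v = raw_parse("-1", &err);   /* constructed input */
    printf("strtoul(\"-1\") = %lu, errno = %d\n", v, err);
    printf("parse_id(\"-1\") accepted: %d\n", parse_id("-1", &v));
    printf("range_ok(100000, ULONG_MAX): %d\n", range_ok(100000UL, ULONG_MAX));
    return 0;
}
```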
|
I believe this is now fixed.
|
@hallyn which commit fixed it?
|
1d5a926 I guess. |
Reported to SUSE bug tracker with proposed fix.
https://bugzilla.suse.com/show_bug.cgi?id=979282