heap-buffer-overflow [tls_bench+0x50ff15] #2032
Comments
Vulnerable code in tls_bench.c

Hi RootUp,
Both of these reports have already been resolved in PR #2013, which was merged into our master branch yesterday (1/16/19). I confirmed via fsanitize and scan-build, plus manual testing.
The first issue was resolved by ensuring the max buffer size is set up correctly. See line 84:
The second issue was resolved by using this code starting at line 650:
The strncpy will handle
I am marking this issue closed. Please let me know if you find any other issues.
Thanks,

This is example code only and unrelated to the library proper. https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6439.html

Hi Team,
Summary
I have compiled wolfSSL using clang and a heap based buffer overflow is observed in tls_bench.c
System info:
Linux zero 4.15.0-43-generic #46-Ubuntu SMP Thu Dec 6 14:45:28 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
ASAN