NCC-2016-015 - Out-of-bounds Read in Boost date Class #1459

Closed
rcseacord opened this issue Sep 30, 2016 · 2 comments

@rcseacord rcseacord commented Sep 30, 2016

[Edit by Daira]

A two-byte stack-based overflow in a date constructor in the Boost libraries is undefined
behavior and may result in data leaks.

@nathan-at-least nathan-at-least added this to the 1.0.0-rc1 milestone Oct 3, 2016
@nathan-at-least nathan-at-least modified the milestones: 1.0.0-rc1, 1.0.0-rc2 Oct 17, 2016
daira added a commit to daira/zcash that referenced this issue Oct 19, 2016
…ead bugs. ref zcash#1459

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
daira added a commit to daira/zcash that referenced this issue Oct 19, 2016
…ead bugs. ref zcash#1459

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
daira added a commit to daira/zcash that referenced this issue Oct 20, 2016
…ead bugs. ref zcash#1459

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
zkbot pushed a commit that referenced this issue Oct 20, 2016
Avoid boost::posix_time functions that have potential out-of-bounds read bugs

ref #1459

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
@bitcartel bitcartel added the M-has-pr label Oct 20, 2016
daira added a commit to daira/zcash that referenced this issue Oct 21, 2016
str4d added a commit to str4d/zcash that referenced this issue Oct 22, 2016
… out-of-bounds read bugs. ref zcash#1459""

This reverts commit f19cb7b.
zkbot pushed a commit that referenced this issue Oct 22, 2016
Revert "Revert "Avoid boost::posix_time functions that have potential out-of-bounds read bugs. ref #1459""

This reverts commit f19cb7b.

Closes #1459.
@zkbot zkbot closed this in #1601 Oct 22, 2016
@daira daira changed the title NCC-2016-015 NCC-2016-015 - Out-of-bounds Read in Boost date Class Oct 23, 2016
@daira daira reopened this Oct 23, 2016
@daira daira closed this Oct 23, 2016

@daira daira commented Oct 25, 2016

@sehetw on Twitter pointed out that

Last time I checked the epoch for chrono clocks is unspecified (implementation defined). (different for various clocks?)

@daira daira reopened this Oct 25, 2016
@daira daira modified the milestones: 1.0.1 stabilization, 1.0.0-rc2 Oct 25, 2016
@daira daira removed this from the 1.0.1 stabilization milestone Oct 25, 2016

@daira daira commented Oct 25, 2016

Actually I'll open another ticket for that.
