NCC-2016-015 - Out-of-bounds Read in Boost date Class #1459

Closed
rcseacord opened this Issue Sep 30, 2016 · 2 comments

Comments

Projects
4 participants
@rcseacord
Contributor

rcseacord commented Sep 30, 2016

[Edit by Daira]

A two-byte stack based overflow in a date constructor in the Boost libraries is undefined
behavior and may result in data leaks.

@nathan-at-least nathan-at-least added this to the 1.0.0-rc1 milestone Oct 3, 2016

@nathan-at-least nathan-at-least modified the milestones: 1.0.0-rc1, 1.0.0-rc2 Oct 17, 2016

daira added a commit to daira/zcash that referenced this issue Oct 19, 2016

Avoid boost::posix_time functions that have potential out-of-bounds r…
…ead bugs. ref #1459

Signed-off-by: Daira Hopwood <daira@jacaranda.org>

daira added a commit to daira/zcash that referenced this issue Oct 19, 2016

Avoid boost::posix_time functions that have potential out-of-bounds r…
…ead bugs. ref #1459

Signed-off-by: Daira Hopwood <daira@jacaranda.org>

daira added a commit to daira/zcash that referenced this issue Oct 20, 2016

Avoid boost::posix_time functions that have potential out-of-bounds r…
…ead bugs. ref #1459

Signed-off-by: Daira Hopwood <daira@jacaranda.org>

zkbot pushed a commit that referenced this issue Oct 20, 2016

zkbot
Auto merge of #1571 - daira:1459.avoid-boost-posix-time, r=daira
Avoid boost::posix_time functions that have potential out-of-bounds read bugs

ref #1459

Signed-off-by: Daira Hopwood <daira@jacaranda.org>

@bitcartel bitcartel added the has PR label Oct 20, 2016

daira added a commit to daira/zcash that referenced this issue Oct 21, 2016

str4d added a commit to str4d/zcash that referenced this issue Oct 22, 2016

Revert "Revert "Avoid boost::posix_time functions that have potential…
… out-of-bounds read bugs. ref #1459""

This reverts commit f19cb7b.

zkbot pushed a commit that referenced this issue Oct 22, 2016

zkbot
Auto merge of #1601 - str4d:1459-revert-reversion, r=daira
Revert "Revert "Avoid boost::posix_time functions that have potential out-of-bounds read bugs. ref #1459""

This reverts commit f19cb7b.

Closes #1459.

@zkbot zkbot closed this in #1601 Oct 22, 2016

@daira daira changed the title from NCC-2016-015 to NCC-2016-015 - Out-of-bounds Read in Boost date Class Oct 23, 2016

@daira daira reopened this Oct 23, 2016

@daira daira closed this Oct 23, 2016

@daira

This comment has been minimized.

Show comment
Hide comment
@daira

daira Oct 25, 2016

Contributor

@sehetw on Twitter pointed out that

Last time I checked the epoch for chrono clocks is unspecified (implementation defined). (different for various clocks?)

Contributor

daira commented Oct 25, 2016

@sehetw on Twitter pointed out that

Last time I checked the epoch for chrono clocks is unspecified (implementation defined). (different for various clocks?)

@daira daira reopened this Oct 25, 2016

@daira daira modified the milestones: 1.0.1 stabilization, 1.0.0-rc2 Oct 25, 2016

@daira

This comment has been minimized.

Show comment
Hide comment
@daira

daira Oct 25, 2016

Contributor

Actually I'll open another ticket for that.

Contributor

daira commented Oct 25, 2016

Actually I'll open another ticket for that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment