mirror of
https://repo.or.cz/socat.git
synced 2025-07-20 09:52:56 +00:00
Fixed possible integer overflow with option -b
This commit is contained in:
Gerhard Rieger
parent
0c65370ae5
commit
8e6b341f59
4 changed files with 66 additions and 2 deletions
8
CHANGES
8
CHANGES
|
|
@ -1,4 +1,12 @@
|
|||
|
||||
Security:
|
||||
Buffer size option (-b) is internally doubled for CR-CRLF conversion,
|
||||
but not checked for integer overflow. This could lead to heap based
|
||||
buffer overflow, assuming the attacker could provide this parameter.
|
||||
Test: BLKSIZE_INT_OVERFL
|
||||
Thanks to Lê Hiếu Bùi for reporting this issue and sending an
|
||||
example exploit.
|
||||
|
||||
Testing:
|
||||
test.sh now produces a list of tests that could not be performed for
|
||||
any reason. This helps to analyse these cases.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue