diff options
| author | Christian Brabandt <cb@256bit.org> | 2023-09-02 19:43:33 +0200 |
|---|---|---|
| committer | Christian Brabandt <cb@256bit.org> | 2023-09-02 19:43:33 +0200 |
| commit | 889f6af37164775192e33b233a90e86fd3df0f57 (patch) | |
| tree | 5a869fb3afc232c67bd29821b31b0987f5e86e86 | |
| parent | 4c6fe2e2ea62469642ed1d80b16d39e616b25cf5 (diff) | |
patch 9.0.1847: [security] potential oob write in do_addsub()v9.0.1847
Problem: potential oob write in do_addsub()
Solution: don't overflow buf2, check size in for loop()
Signed-off-by: Christian Brabandt <cb@256bit.org>
| -rw-r--r-- | src/ops.c | 2 | ||||
| -rw-r--r-- | src/version.c | 2 |
2 files changed, 3 insertions, 1 deletions
@@ -2919,7 +2919,7 @@ do_addsub( for (bit = bits; bit > 0; bit--) if ((n >> (bit - 1)) & 0x1) break; - for (i = 0; bit > 0; bit--) + for (i = 0; bit > 0 && i < (NUMBUFLEN - 1); bit--) buf2[i++] = ((n >> (bit - 1)) & 0x1) ? '1' : '0'; buf2[i] = '\0'; diff --git a/src/version.c b/src/version.c index 5cde7c1855..c638a107e3 100644 --- a/src/version.c +++ b/src/version.c @@ -700,6 +700,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 1847, +/**/ 1846, /**/ 1845, |