diff options
| author | Christian Brabandt <cb@256bit.org> | 2023-11-29 10:23:39 +0100 |
|---|---|---|
| committer | Christian Brabandt <cb@256bit.org> | 2023-12-01 18:58:50 +0100 |
| commit | 0fb375aae608d7306b4baf9c1f906961f32e2abf (patch) | |
| tree | 10a990e59a5b11b65536b3ad9a482e0a26a9d584 /src/testdir/crash | |
| parent | eec0c2b3a4cfab93dd8d4adaa60638d47a2bbc8a (diff) | |
patch 9.0.2141: [security]: buffer-overflow in suggest_trie_walkv9.0.2141
Problem: [security]: buffer-overflow in suggest_trie_walk
Solution: Check n before using it as index into byts array
Basically, n as an index into the byts array, can point to beyond the byts
array. So let's double check, that n is within the expected range after
incrementing it from sp->ts_curi and bail out if it would be invalid.
Reported by @henices, thanks!
Signed-off-by: Christian Brabandt <cb@256bit.org>
Diffstat (limited to 'src/testdir/crash')
| -rw-r--r-- | src/testdir/crash/poc_suggest_trie_walk | bin | 0 -> 100 bytes |
1 files changed, 0 insertions, 0 deletions
diff --git a/src/testdir/crash/poc_suggest_trie_walk b/src/testdir/crash/poc_suggest_trie_walk Binary files differnew file mode 100644 index 0000000000..c79b6eeb5c --- /dev/null +++ b/src/testdir/crash/poc_suggest_trie_walk |