Message-ID: <536196CF.2010204@redhat.com>
Date: Thu, 01 May 2014 10:35:27 +1000
From: Murray McAllister <mmcallis@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: possible miniupnpc buffer overflow

> On a related note, I'm not sure if there are other issues close by. For
> example, in version 1.9, miniwget.c:
>
> 172 /* copy the remaining of the received data back to buf */
> 173 n = header_buf_used - endofheaders;
> 174 memcpy(buf, header_buf + endofheaders, n);
>
> n and endofheaders are signed ints, and header_buf_used is unsigned.
> Mixing the types together (and the signed int in the memcpy) may warrant
> further investigation.

Upstream investigated this and found it to be safe.

Cheers,

--
Murray McAllister / Red Hat Security Response Team
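Added illustration, not miniupnpc code and not part of the thread: a hypothetical stand-in for the three quoted lines, showing what the signed/unsigned mix in the length computation can do to memcpy's size_t argument when endofheaders is out of range, beside a checked copy that validates the offset and the destination size first. The sample HTTP response, function names and buffer sizes are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same types as named in the message: header_buf_used unsigned int,
 * endofheaders and n signed int. Returns what memcpy would receive as its
 * size_t length for these inputs, without copying anything (hypothetical helper). */
size_t legacy_copy_len(unsigned int header_buf_used, int endofheaders)
{
    /* endofheaders is converted to unsigned, the subtraction wraps if it is
     * larger than header_buf_used, and the result is stored back into an int. */
    int n = header_buf_used - endofheaders;
    return (size_t)n; /* a negative n sign-extends into an enormous length */
}

/* Checked variant (hypothetical): copy only if 0 <= endofheaders <= header_buf_used
 * and the remainder fits in buf. Returns bytes copied, or -1 if rejected. */
long checked_copy(char *buf, size_t buf_size, const char *header_buf,
                  unsigned int header_buf_used, int endofheaders)
{
    if (endofheaders < 0 || (unsigned int)endofheaders > header_buf_used)
        return -1; /* offset outside the received data */
    size_t n = header_buf_used - (unsigned int)endofheaders;
    if (n > buf_size)
        return -1; /* remainder would overflow the destination */
    memcpy(buf, header_buf + endofheaders, n);
    return (long)n;
}

/* Constructed sample response: the headers end at offset 19, body is "HELLO". */
static const char sample_hdr[] = "HTTP/1.1 200 OK\r\n\r\nHELLO";
#define SAMPLE_USED ((unsigned int)(sizeof(sample_hdr) - 1))
#define SAMPLE_EOH 19

/* Runs the checked copy on the sample; returns the body length (5) on success,
 * -1 if the copy was rejected or the body does not match. */
long demo_body_copy(void)
{
    char buf[16];
    long n = checked_copy(buf, sizeof buf, sample_hdr, SAMPLE_USED, SAMPLE_EOH);
    if (n != 5 || memcmp(buf, "HELLO", 5) != 0)
        return -1;
    return n;
}

int main(void)
{
    printf("in range: len=%zu\n", legacy_copy_len(10, 3));
    printf("out of range: len=%zu\n", legacy_copy_len(10, 20));
    printf("checked copy of sample: %ld bytes\n", demo_body_copy());
    return 0;
}
```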