libnfs

few vulnerabilities

Open crusader-mike opened this issue 5 years ago • 0 comments

Here a malicious packet can lead to surprises (depending on the size of int, etc.).

Here we will end up allocating too few bytes if size is (uint32_t)-1 (or close) due to wraparound. Same effect.

Same here. That cast to int is bad.

And in general the code is vulnerable to effects related to overflows. For example, this code:

	if (zdrs->pos + 8 > zdrs->size) {

should be written as:

	if (zdrs->size - zdrs->pos < 8) {      // not vulnerable to wraparounds anymore

and so on.

crusader-mike, Jan 31 '20 20:01
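The wraparound described in the issue, as an added example that is not part of the original issue or of the libnfs code. The `cursor` struct, its unsigned 32-bit field types, and the `padded_len` helper are assumptions made for illustration; the example also checks `pos <= size` explicitly, because the subtraction form is only safe while that invariant holds.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical cursor, modelled on the zdrs->pos / zdrs->size fields quoted
 * in the issue. The unsigned 32-bit field types are an assumption. */
struct cursor {
    uint32_t pos;   /* bytes already consumed */
    uint32_t size;  /* total bytes in the buffer */
};

/* Form quoted in the issue: pos + need can wrap past UINT32_MAX. */
static int has_room_wrapping(const struct cursor *c, uint32_t need)
{
    return !(c->pos + need > c->size);
}

/* Form suggested in the issue: correct as long as pos <= size holds,
 * so that invariant is checked first instead of being assumed. */
static int has_room_checked(const struct cursor *c, uint32_t need)
{
    if (c->pos > c->size)
        return 0;
    return !(c->size - c->pos < need);
}

/* XDR pads opaque data to a multiple of 4 bytes (RFC 4506). Rounding a
 * length taken from the wire can wrap the same way; reject it instead. */
static int padded_len(uint32_t len, uint32_t *out)
{
    if (len > UINT32_MAX - 3)
        return -1;              /* (len + 3) would wrap to a tiny value */
    *out = (len + 3) & ~UINT32_C(3);
    return 0;
}

int main(void)
{
    struct cursor ok  = { 16, 64 };
    struct cursor bad = { UINT32_MAX - 3, 64 };   /* constructed corrupt state */
    uint32_t n = 0;

    printf("in range : wrapping=%d checked=%d\n",
           has_room_wrapping(&ok, 8), has_room_checked(&ok, 8));
    printf("pos wraps: wrapping=%d checked=%d\n",
           has_room_wrapping(&bad, 8), has_room_checked(&bad, 8));
    printf("padded_len(UINT32_MAX) -> %d\n", padded_len(UINT32_MAX, &n));
    return 0;
}
```
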