~connman-maintainers/connman/head

Viewing all changes in revision 8223.

  • Committer: Daniel Wagner
  • Author(s): Nathan Crandall
  • Date: 2022-08-01 06:41:03 UTC
  • Revision ID: git-v1:d1a5ede5d255bde8ef707f8441b997563b9312bd

gweb: Fix OOB write in received_data()

There is a mismatch of handling binary vs. C-string data with memchr
and strlen, resulting in pos, count, and bytes_read becoming out of
sync and resulting in a heap overflow.  Instead, do not treat the buffer
as an ASCII C-string. We calculate the count based on the return value
of memchr, instead of strlen.

Fixes: CVE-2022-32292
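
The counting mismatch the commit message describes, replayed as an added example (this is not ConnMan's code). The helper names, the sample bytes and the simplified loop, which leaves out '\r' handling, are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: two '\n'-terminated lines, the first with an embedded NUL. */
static const unsigned char SAMPLE[] = "ab\0cd\nef\n";
#define SAMPLE_LEN (sizeof(SAMPLE) - 1)   /* 9 bytes; drop the literal's own NUL */

/* Length strlen() would report for the line [ptr, nl) once the '\n' at nl is
 * overwritten with '\0': it stops at the first NUL, which may come early. */
static size_t cstring_len(const unsigned char *ptr, const unsigned char *nl)
{
    const unsigned char *nul = memchr(ptr, '\0', (size_t)(nl - ptr));
    return nul ? (size_t)(nul - ptr) : (size_t)(nl - ptr);
}

/* Hypothetical helper: replays a line-splitting loop over len received bytes
 * and returns how many bytes beyond buf the loop's own counter still claims
 * are unread (0 = pointer and counter in sync). Reads only inside buf. */
size_t counter_overshoot(const unsigned char *buf, size_t len, int use_strlen)
{
    const unsigned char *ptr = buf, *end = buf + len;
    size_t remaining = len;                    /* what the loop believes */

    while (remaining > 0) {
        size_t actual = (size_t)(end - ptr);   /* what is really left */
        if (remaining > actual)
            return remaining - actual;         /* next scan would leave the buffer */

        const unsigned char *nl = memchr(ptr, '\n', remaining);
        if (!nl)
            break;                             /* partial line: wait for more data */

        size_t count = use_strlen ? cstring_len(ptr, nl) : (size_t)(nl - ptr);
        remaining -= count + 1;                /* line plus its terminator */
        ptr = nl + 1;                          /* pointer always skips the real line */
    }
    return 0;
}

int main(void)
{
    printf("strlen-based count: overshoot %zu\n", counter_overshoot(SAMPLE, SAMPLE_LEN, 1));
    printf("memchr-based count: overshoot %zu\n", counter_overshoot(SAMPLE, SAMPLE_LEN, 0));
    return 0;
}
```

With the count taken from the memchr result the counter reaches zero exactly at the end of the buffer; with the strlen-style count it still claims unread bytes after the pointer has reached the end.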
