Date: Thu, 01 May 2014 10:35:27 +1000
From: Murray McAllister <mmcallis@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: possible miniupnpc buffer overflow

> On a related note, I'm not sure if there are other issues close by. For
> example, in version 1.9, miniwget.c:
>
> 172 /* copy the remaining of the received data back to buf */
> 173 n = header_buf_used - endofheaders;
> 174 memcpy(buf, header_buf + endofheaders, n);
>
> n and endofheaders are signed ints, and header_buf_used is unsigned.
> Mixing the types together (and the signed int in the memcpy) may warrant
> further investigation.

Upstream investigated this and found it to be safe.

Cheers,

--
Murray McAllister / Red Hat Security Response Team
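The mixed-type expression quoted above, worked through as an added example that is not code from miniupnpc or from this thread: it shows how C converts the operands and what a checked form of the copy looks like. The function names and sample values are hypothetical, and it makes no claim about miniupnpc itself, where upstream found the code safe.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Same expression shape as the quoted lines: unsigned minus int, stored in
 * an int. The int operand is converted to unsigned, the subtraction wraps,
 * and converting the result back to int is implementation-defined when it
 * does not fit (it wraps on common two's-complement compilers). */
int remaining_as_written(unsigned int header_buf_used, int endofheaders)
{
    int n = header_buf_used - endofheaders;
    return n;
}

/* The length memcpy actually receives: its third parameter is size_t. */
size_t length_seen_by_memcpy(int n)
{
    return (size_t)n;
}

/* Hypothetical checked variant: returns bytes copied, or -1 when the
 * invariant 0 <= endofheaders <= header_buf_used fails or dst is too small. */
long copy_remaining_checked(char *dst, size_t dst_size, const char *header_buf,
                            unsigned int header_buf_used, int endofheaders)
{
    size_t n;

    if (endofheaders < 0 || (unsigned int)endofheaders > header_buf_used)
        return -1;
    n = (size_t)header_buf_used - (size_t)endofheaders;
    if (n > dst_size || n > (size_t)LONG_MAX)
        return -1;
    memcpy(dst, header_buf + endofheaders, n);
    return (long)n;
}

int main(void)
{
    /* Constructed values, not taken from miniupnpc or the thread. */
    int n = remaining_as_written(40u, 100);
    printf("n = %d, as size_t = %zu\n", n, length_seen_by_memcpy(n));
    return 0;
}
```

The arithmetic is only safe while the invariant `0 <= endofheaders <= header_buf_used` holds at the copy, so an audit of such code comes down to confirming that invariant on every path that reaches it.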