Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 01 May 2014 10:35:27 +1000
From: Murray McAllister <mmcallis@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: possible miniupnpc buffer overflow

> On a related note, I'm not sure if there are other issues close by. For
> example, in version 1.9, miniwget.c:
>
> 172                         /* copy the remaining of the received data
> back to buf */
> 173                         n = header_buf_used - endofheaders;
> 174                         memcpy(buf, header_buf + endofheaders, n);
>
> n and endofheaders are signed ints, and header_buf_used is unsigned.
> Mixing the types together (and the signed int in the memcpy) may warrant
> further investigation.

Upstream investigated this and found it to be safe.

Cheers,

--

Murray McAllister / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.