Chiebot-Mirror
/
c-ares
mirror of https://github.com/c-ares/c-ares.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

Avoid buffer overflow in RC4 loop comparison (#336)

Browse Source 
The rc4 function iterates over a buffer of size buffer_len who's maximum
value is INT_MAX with a counter of type short that is not guaranteed to
have maximum size INT_MAX.

In circumstances where short is narrower than int and where buffer_len
is larger than the maximum value of a short, it may be possible to loop
infinitely as counter will overflow and never be greater than or equal
to buffer_len.

The solution is to make the comparison be between types of equal width.
This commit defines counter as an int.

Fix By: Fionn Fitzmaurice (@fionn)
pull/339/head
Fionn Fitzmaurice 4 years ago committed by GitHub
parent d561177542
commit 6d6cd5daf6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      ares_query.c

2
ares_query.c
Unescape View File

@ -45,7 +45,7 @@ static void rc4(rc4_key* key, unsigned char *buffer_ptr, int buffer_len)
unsigned char y; unsigned char y;
unsigned char* state; unsigned char* state;
unsigned char xorIndex; unsigned char xorIndex;
short counter; int counter;
x = key->x; x = key->x;
y = key->y; y = key->y;

Write Preview
Loading…
Cancel
Save