diff options
author | Petteri Aimonen <jpa@git.mail.kapsi.fi> | 2014-05-17 20:06:55 +0300 |
---|---|---|
committer | Petteri Aimonen <jpa@git.mail.kapsi.fi> | 2014-05-17 20:06:55 +0300 |
commit | 5ef128616baffd15bb904fc56f651d40901be429 (patch) | |
tree | d09614ab604b9398de88c09870b6ac8b26af5c5f /tests/splint/SConscript | |
parent | ba2ab9ea65d029b2560c461be317f3cf0d19eb3e (diff) |
Fix security issue with PB_ENABLE_MALLOC.
The multiplication in allocate_field could potentially overflow,
leading to allocating too little memory. This could subsequently
allow an attacker to cause a write past the buffer, overwriting
other memory contents.
The attack is possible if untrusted message data is decoded using
nanopb, and the message type includes a pointer-type string or bytes
field, or a repeated numeric field. Submessage fields are not
affected.
This issue only affects systems that have been compiled with
PB_ENABLE_MALLOC enabled. Only version nanopb-0.2.7 is affected,
as prior versions do not include this functionality.
Update issue 117
Status: FixedInGit
Diffstat (limited to 'tests/splint/SConscript')
0 files changed, 0 insertions, 0 deletions