This repository has been archived by the owner on Jun 30, 2021. It is now read-only.
the function htparser_get_strerror may have a out-of-bounds read
#72
Comments
NathanFrench
added a commit
that referenced
this issue
Jan 9, 2018
While the API was never effected by this, I guess a user who had set their own parser error could have triggered this read. But alas, a bug is a bug. We don't look for error + 1 in the error string table, we just look for error > last_enum.
|
I would love to know how someone could have triggered this, since that structure is never made public, thus it was never abused; but a bug is a bug, and I fixed it up here 75574ba Will merge in a bit. |
NathanFrench
added a commit
that referenced
this issue
Jan 9, 2018
[#72] Fix for oob read from htparser_get_strerror
|
All good - thanks again! You're my human static analyzer! |
|
I am happy to contribute to this project! |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Details
Steps or code to reproduce the problem.
The Array of string pointers errstr_map only have 13 item
But. The Enum type htpparse_error had defined 14 item
This code
if (e > (htparse_error_generic + 1))may cause valueelarge than that arrayerrstr_mapsize.Example code (if applicable)
Version
latest
The text was updated successfully, but these errors were encountered: