]> Kevux Git Server - fll/commit
projects / fll / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d649059) | patch
Security: Incorrect size increase in private_fll_iki_content_partial_escape().
authorKevin Day <thekevinday@gmail.com>
Sat, 26 Sep 2020 21:14:52 +0000 (16:14 -0500)
committerKevin Day <thekevinday@gmail.com>
Sat, 26 Sep 2020 21:14:52 +0000 (16:14 -0500)
commit50560e1be9d8a16f6966e438f92c014d82675682
tree8b68553cb10e54acb8e144844911f8c33f447047tree | snapshot
parentd649059b8282e2ae2f55fea0443edb4ba7a78e17commit | diff
Security: Incorrect size increase in private_fll_iki_content_partial_escape().

The size increase test is "escaped->used + delimits + 2", but actual arguments passed to the increase function is "delimits".
The "+2" is missing.

This gets caught by the parameter checker when delimits is 0.
When delimits is, say 1, then an insufficient amount of memory is increased.
This will likely result in a segfault.
level_2/fll_iki/c/private-iki.c diff | blob | history
The Featureless Linux Library (FLL) Git repository.