Fix a read buffer overrun that copied random data from memory into - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	schwarze <schwarze@openbsd.org>	2017-02-17 03:01:39 +0000
committer	schwarze <schwarze@openbsd.org>	2017-02-17 03:01:39 +0000
commit	972cfc25c1461f9d25ba8e7b0cbda52a9ad62ccb (patch)
tree	2497c1f16ab670e67b7e68fd0635b86596892d6f /lib/libc
parent	Do not show rsa1 key type in usage when compiled without SSH1 support. (diff)
download	wireguard-openbsd-972cfc25c1461f9d25ba8e7b0cbda52a9ad62ccb.tar.xz wireguard-openbsd-972cfc25c1461f9d25ba8e7b0cbda52a9ad62ccb.zip

Fix a read buffer overrun that copied random data from memory into

text nodes when a string passed to deroff() ended in a backslash and the byte after the terminating NUL was non-NUL, found by tb@ with afl(1). Invalid bytes so copied with the high bit set could later sometimes trigger another out of bounds read access to static memory in roff_strdup(), so add an assertion there to abort safely in case of similar data corruption.

Diffstat (limited to 'lib/libc')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: