Opened 10 years ago

Closed 10 years ago

#177 closed defect (fixed)

validation of Name::split() is insufficient

Reported by: jinmei Owned by: jinmei
Priority: medium Milestone: 03. 1st Incremental Release
Component: libdns++ Version:
Keywords: Cc:
CVSS Scoring: Parent Tickets:
Sensitive: no Defect Severity:
Sub-Project: Feature Depending on Ticket:
Estimated Difficulty: Add Hours to Ticket:
Total Hours: Internal?:

Description

With the current trunk code, the following test in NameTest? could cause a crash:

    // invalid range: (assuming int is 32-bit) the following parameters would
    // cause overflow, bypassing naive validation.
    EXPECT_THROW(example_name.split(1, 0xffffffff), OutOfRange);

Subtickets

Change History (4)

comment:1 follow-up: Changed 10 years ago by jinmei

  • Status changed from new to reviewing

Fixed the bug in the trac177 branch. The diff can be retrieved by:
svn diff -r r1802 svn+ssh://bind10.isc.org/svn/bind10/branches/trac177

Please review.

comment:2 in reply to: ↑ 1 ; follow-up: Changed 10 years ago by each

  • Owner changed from UnAssigned to each
  • Status changed from reviewing to accepted

Please review.

Patch OK.

comment:3 Changed 10 years ago by each

  • Owner changed from each to jinmei
  • Status changed from accepted to assigned

comment:4 in reply to: ↑ 2 Changed 10 years ago by jinmei

  • Resolution set to fixed
  • Status changed from assigned to closed

Replying to each:

Please review.

Patch OK.

Thanks, committed to trunk, r1806, closing.

Note: See TracTickets for help on using tickets.