| commit | f37c16aadd0b5fffdb359f38967cc53240250577 | |
| author | Glenn Strauss <gstrauss@gluelogic.com> | |
| Fri, 31 Jan 2020 21:47:39 +0000 (31 16:47 -0500) | ||
| committer | Glenn Strauss <gstrauss@gluelogic.com> | |
| Fri, 31 Jan 2020 21:54:59 +0000 (31 16:54 -0500) | ||
| tree | fa91d9cfeb7fa27fbd9befac00439da950668202 | treesnapshot (tar.gz zip) |
| parent | 2c409321df0f9302a986f5c2876638b99e8c892e | commitdiff |
[core] fix one-byte OOB read (underflow)
In some circumstances, if the character on the heap prior to the
beginning of the request is '\r', then it would be overwritten with '\0'
With default compiler flags, this does not appear to occur in practice
and we therefore believe it to be a low-probability vulnerability.
(thx Antonio Morales)
This issue was discovered and reported by GSL team member @
<https://github.com/antonio-morales>antonio-morales
<https://github.com/antonio-morales> (Antonio Morales)
In some circumstances, if the character on the heap prior to the
beginning of the request is '\r', then it would be overwritten with '\0'
With default compiler flags, this does not appear to occur in practice
and we therefore believe it to be a low-probability vulnerability.
(thx Antonio Morales)
This issue was discovered and reported by GSL team member @
<https://github.com/antonio-morales>antonio-morales
<https://github.com/antonio-morales> (Antonio Morales)
| src/request.c | diffblobblamehistory |