Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:Update
spice.19889
0004-quic-Avoid-possible-buffer-overflow-in-fin...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0004-quic-Avoid-possible-buffer-overflow-in-find_bucket.patch of Package spice.19889
From b24fe6b66b86e601c725d30f00c37e684b6395b6 Mon Sep 17 00:00:00 2001 From: Frediano Ziglio <freddy77@gmail.com> Date: Thu, 30 Apr 2020 10:19:09 +0100 Subject: [PATCH spice-common 4/4] quic: Avoid possible buffer overflow in find_bucket Proved by fuzzing the code. Signed-off-by: Frediano Ziglio <freddy77@gmail.com> Acked-by: Uri Lublin <uril@redhat.com> Signed-off-by: Bruce Rogers <brogers@suse.com> --- subprojects/spice-common/common/quic_family_tmpl.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/subprojects/spice-common/common/quic_family_tmpl.c b/subprojects/spice-common/common/quic_family_tmpl.c index 8a5f7d2..6cc051b 100644 --- a/subprojects/spice-common/common/quic_family_tmpl.c +++ b/subprojects/spice-common/common/quic_family_tmpl.c @@ -103,7 +103,12 @@ static s_bucket *FNAME(find_bucket)(Channel *channel, const unsigned int val) spice_assert(val < (0x1U << BPC)); } - return channel->_buckets_ptrs[val]; + /* The and (&) here is to avoid buffer overflows in case of garbage or malicious + * attempts. Is much faster then using comparisons and save us from such situations. + * Note that on normal build the check above won't be compiled as this code path + * is pretty hot and would cause speed regressions. + */ + return channel->_buckets_ptrs[val & ((1U << BPC) - 1)]; } #undef FNAME -- 2.25.4
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor