Skip to content

Commit 97e1a10

Browse files
jengelhjengelh
committed
midb_agent: reduce stack usage / resolve OOB write
4. tainted_data_return: Called function read(pback->sockd, buff + offset, 262144 - offset), and a possible return value may be less than zero. 5. cast_overflow: An assign that casts to a different type, which might trigger an overflow. CID 1589501: (#1 of 1): Overflowed array index write (INTEGER_OVERFLOW) [enum_subscriptions] CID 1589502: (#1 of 1): Overflowed array index write (INTEGER_OVERFLOW) [enum_folders] CID 1589506: (#1 of 1): Overflowed array index write (INTEGER_OVERFLOW) [fetch_detail_uid] CID 1589510: (#1 of 1): Overflowed array index write (INTEGER_OVERFLOW) [list_deleted] CID 1589520: (#1 of 1): Overflowed array index write (INTEGER_OVERFLOW) [fetch_simple_uid] CID 1589522: (#1 of 1): Overflowed array index write (INTEGER_OVERFLOW) [list_mail] 8. deref_overflow: offset, which might have overflowed, is used in a pointer index in buff[offset]. Basically, if ``read()`` fills the complete buffer (256K), then buff[offset]='\0' will write to one past the last. Switching to std::string helps get rid of the huge stack variable as well as getting a safe guaranteed terminator.
1 parent 79dd170 commit 97e1a10

File tree

2 files changed

+77
-66
lines changed

2 files changed

+77
-66
lines changed

Makefile.am

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -126,7 +126,7 @@ libgxs_event_stub_la_LIBADD = -lpthread ${libHX_LIBS} libgromox_common.la
126126
EXTRA_libgxs_event_stub_la_DEPENDENCIES = default.sym
127127
libgxs_midb_agent_la_SOURCES = mra/midb_agent.cpp mra/midb_agent.hpp
128128
libgxs_midb_agent_la_LDFLAGS = ${default_SYFLAGS}
129-
libgxs_midb_agent_la_LIBADD = -lpthread ${libHX_LIBS} libgromox_common.la
129+
libgxs_midb_agent_la_LIBADD = -lpthread ${fmt_LIBS} ${libHX_LIBS} libgromox_common.la
130130
EXTRA_libgxs_midb_agent_la_DEPENDENCIES = default.sym
131131

132132
http_SOURCES = exch/http/cache.cpp exch/http/cache.hpp exch/http/fastcgi.cpp exch/http/fastcgi.hpp exch/http/hpm_processor.cpp exch/http/hpm_processor.hpp exch/http/http_parser.cpp exch/http/http_parser.hpp exch/http/listener.cpp exch/http/listener.hpp exch/http/main.cpp exch/http/pdu_ndr.cpp exch/http/pdu_ndr.hpp exch/http/pdu_ndr_ids.hpp exch/http/pdu_processor.cpp exch/http/pdu_processor.hpp exch/http/resource.hpp exch/http/rewrite.cpp exch/http/rewrite.hpp exch/http/system_services.cpp exch/http/system_services.hpp

0 commit comments

Comments
 (0)