Skip to content

fix: arithmetic multiplication used to compute alloc... in...#72

Open
orbisai0security wants to merge 1 commit into
tuya:mainfrom
orbisai0security:fix-integer-overflow-malloc-dnsserver
Open

fix: arithmetic multiplication used to compute alloc... in...#72
orbisai0security wants to merge 1 commit into
tuya:mainfrom
orbisai0security:fix-integer-overflow-malloc-dnsserver

Conversation

@orbisai0security

Copy link
Copy Markdown

Summary

Fix high severity security issue in libraries/DNSServer/src/DNSServer.cpp.

Vulnerability

Field Value
ID utils.custom.integer-overflow-malloc
Severity HIGH
Scanner semgrep
Rule utils.custom.integer-overflow-malloc
File libraries/DNSServer/src/DNSServer.cpp:78

Description: Arithmetic multiplication used to compute allocation size without overflow check. If the multiplication wraps, a too-small buffer is allocated, leading to heap overflow. Check for overflow before allocating.

Changes

  • libraries/DNSServer/src/DNSServer.cpp

Verification

  • Build passes
  • Scanner re-scan confirms fix
  • LLM code review passed

Automated security fix by OrbisAI Security

Automated security fix generated by Orbis Security AI
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant