fix: out-of-bounds read of MIME types #1104

Merged
merged 1 commit into from
Mar 4, 2024

VoltrexKeyva
Contributor

Since `i` is the index, it should be less than the size of the vector but the `mimetypes.size() < i` condition does not check for `i` being the same as the size of the vector, which causes an out-of-bounds read in the right operand of the logical OR (`||`) operator which is `mimetypes[i].empty()`.

Code change checklist

  • I have ensured that all methods and functions are fully documented using doxygen style comments.
  • My code follows the coding style guide.
  • I tested that my change works before raising the PR.
  • I have ensured that I did not break any existing API calls.
  • I have not built my pull request using AI, a static analysis tool or similar without any human oversight.

Since `i` is the index, it should be less than the size of the vector
but the `mimetypes.size() < i` condition does not check for `i` being
the same as the size of the vector, which causes an out-of-bounds read
in the right operand of the logical OR (`||`) operator which is
`mimetypes[i].empty()`.
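
The off-by-one described in this pull request, as an added example that is not code from the PR or the project: it runs the quoted condition and a bound check that also rejects `i == size()` over the same indices. The function names, the fallback MIME string and the sample vector are hypothetical, and `at()` stands in for `operator[]` so the overrun surfaces as an exception.

```cpp
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical fallback; the page does not say what the caller substitutes.
static const std::string kDefaultMime = "application/octet-stream";

// Condition as quoted in the PR description. at() replaces operator[] so an
// out-of-range index throws instead of being undefined behaviour.
std::string pick_mime_old(const std::vector<std::string>& mimetypes, std::size_t i) {
    if (mimetypes.size() < i || mimetypes.at(i).empty()) {
        return kDefaultMime;
    }
    return mimetypes.at(i);
}

// Bound check that also rejects i == size(): the left operand is then true
// and short-circuit evaluation never reaches mimetypes[i].
std::string pick_mime_fixed(const std::vector<std::string>& mimetypes, std::size_t i) {
    if (mimetypes.size() <= i || mimetypes[i].empty()) {
        return kDefaultMime;
    }
    return mimetypes[i];
}

// True when the quoted condition indexes past the end for this i.
bool old_check_overruns(const std::vector<std::string>& mimetypes, std::size_t i) {
    try {
        pick_mime_old(mimetypes, i);
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}

int main() {
    const std::vector<std::string> mimetypes = {"image/png", ""};  // constructed sample
    // i = 0 valid entry, 1 empty entry, 2 one past the end, 3 further past.
    for (std::size_t i = 0; i < 4; ++i) {
        std::printf("i=%zu old_overruns=%d fixed=%s\n", i,
                    old_check_overruns(mimetypes, i) ? 1 : 0,
                    pick_mime_fixed(mimetypes, i).c_str());
    }
    return 0;
}
```

Only `i == size()` slips through the quoted condition; larger indices are caught by its left operand, which is why the read goes unnoticed until an index lands exactly one past the end, including index 0 on an empty vector.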

netlify bot commented Mar 4, 2024

Deploy Preview for dpp-dev ready!

Name Link
🔨 Latest commit 646c11f
🔍 Latest deploy log https://app.netlify.com/sites/dpp-dev/deploys/65e5ca0a27c27d0008cdcc11
😎 Deploy Preview https://deploy-preview-1104--dpp-dev.netlify.app

@github-actions github-actions bot added the code Improvements or additions to code. label Mar 4, 2024
@braindigitalis
Contributor

braindigitalis commented Mar 4, 2024

No, I don't think this fix is right!

Vectors are 0-based so it's 0 through n - 1, if you try to access n, this indeed would then be out of bounds...

src/dpp/httpsclient.cpp
@braindigitalis braindigitalis dismissed their stale review March 4, 2024 14:22

not required

@braindigitalis braindigitalis merged commit 3f34d9d into brainboxdotcc:dev Mar 4, 2024
43 of 44 checks passed
@braindigitalis
Contributor

Thanks, I'll merge it as is :)

@VoltrexKeyva VoltrexKeyva deleted the fix-out-of-bounds branch March 4, 2024 14:24