freecwmp
[Top] [All Lists]

Re: [PATCH] fix authentication check for connection requests

To: Jonas Gorski <jonas.gorski@gmail.com>
Subject: Re: [PATCH] fix authentication check for connection requests
From: Luka Perkov <freecwmp@lukaperkov.net>
Date: Fri, 27 Jul 2012 01:39:52 +0200
Cc: freecwmp@linux-mips.org
In-reply-to: <1340030778-16412-1-git-send-email-jonas.gorski@gmail.com>
Mail-followup-to: Jonas Gorski <jonas.gorski@gmail.com>, freecwmp@linux-mips.org
Original-recipient: rfc822;freecwmp@linux-mips.org
References: <1340030778-16412-1-git-send-email-jonas.gorski@gmail.com>
Sender: freecwmp-bounce@linux-mips.org
User-agent: Mutt/1.5.21 (2010-09-15)
On Mon, Jun 18, 2012 at 04:46:18PM +0200, Jonas Gorski wrote:
> zstream_b64decode does not return a null terminated buffer, but the
> code assumes that it is. This results in buffer overflows until the
> next null byte is encountered in the length calculation, with
> possible false rejections.
> 
> Since zstream_b64decode puts the size of the buffer into size, we
> can directly use that instead of calculating the string length.
> 
> Contributed by T-Labs, Deutsche Telekom Innovation Laboratories
> 
> Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>

Applied. Thank you.

Regards,
Luka

<Prev in Thread] Current Thread [Next in Thread>
  • Re: [PATCH] fix authentication check for connection requests, Luka Perkov <=