On Thu, 2 Jan 2025, 陈星杵 via curl-library wrote:
Hello, I know the root cause about CVE-2019-3823[1] is strtol() call reads
beyond the allocated buffer[3]. So I think the root cause statement should
be the line 211: "*resp = curlx_sltosi(strtol(line, NULL, 10));". But the
website tell me the Vulnerability introduce commit is 2766262a68[2]. In that
commit, 'len == 5' is introduced, but I think it is not the Vulnerability
introduce commit. The commit 5db0a412ff[4] is the introduced commit of
function call 'strtol'.
I disagree. You need to read the logic around the strtol() code: the problem
was introduced by the additional (bad) logic in 2766262a68. Before that
change, the strtol() call was fine.
--
/ daniel.haxx.se || https://rock-solid.curl.dev
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
