On Sun, Apr 20, 2014 at 04:30:20PM +0200, Holger Hans Peter Freyther wrote:
ping?

> > i had that patch done already. (see attachment)
>
> what was the message id? I didn't see it.

Could you please answer this one?

> This lacks input validation. The code needs to check that the data
> we read is within the bounds of the msgb and the data we write is within
> the bounds too.

Do you understand the severity? It is this kind of issue that OpenSSL
had with Heartbleed. In this case our length is only a uint8_t and our
msgb is most likely over-allocated so we might be lucky that nothing
else will be leaked from the application.

holger
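
The two bounds checks requested above, as an added example that is not part of the original mail or of the project's code. `struct buf`, `copy_field` and `demo` are hypothetical stand-ins and do not use libosmocore's msgb API; the sample input is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified message buffer (assumes len <= cap). */
struct buf {
    uint8_t *data;
    size_t len;   /* bytes that are valid (received or written so far) */
    size_t cap;   /* bytes allocated */
};

/*
 * Copy one length-prefixed field (1-byte length, then value) from `in`
 * at offset `off` to the end of `out`.
 * Returns the number of value bytes copied, or -1 if the claimed length
 * would read past the valid input or write past the output allocation.
 */
int copy_field(const struct buf *in, size_t off, struct buf *out)
{
    if (off >= in->len)
        return -1;                       /* no room for the length byte */
    uint8_t flen = in->data[off];        /* untrusted: taken from the message */
    if ((size_t)flen > in->len - off - 1)
        return -1;                       /* read bound: compare with len, not cap */
    if ((size_t)flen > out->cap - out->len)
        return -1;                       /* write bound: space left in output */
    memcpy(out->data + out->len, in->data + off + 1, flen);
    out->len += flen;
    return flen;
}

/* Constructed sample: 4 received bytes whose length byte is `claimed`. */
int demo(uint8_t claimed, size_t out_cap)
{
    uint8_t raw[64] = { 0 };             /* over-allocated, as in the mail */
    uint8_t dst[64];
    raw[0] = claimed; raw[1] = 'a'; raw[2] = 'b'; raw[3] = 'c';
    struct buf in  = { raw, 4, sizeof(raw) };   /* only 4 bytes are valid */
    struct buf out = { dst, 0, out_cap };
    return copy_field(&in, 0, &out);
}
```

Checking against `len` rather than `cap` is what keeps an over-allocated buffer from hiding the bug: a claimed length of 200 fits neither, but a claimed length of 10 would fit the allocation and still return bytes that were never received.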
