The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
--- Begin Message ---
Branch: refs/heads/master
I am not sure click through certificate warning is that much of a
security issue in this context neither OpenWrt should have certificates
issued by default if I understood it correctly.
Most people accessing OpenWrt LuCI interface know what it is and would
not find it strange to have to
Hi
On 2020-10-04, abnoeh wrote:
> Few months ago there was some debate for how we handle certificate for
> luci page: make user to click through certificate warning is not that
> great for security so here is a proposal for automatically assign a
> worldwide unique subdomain and how to make valid
This fixes a heap overflow in the parsing of the uci line.
The line which is parsed and put into pctx->buf is null terminated and
stored on the heap. In the uci_parse_line() function we use strtok() to
split this string in multiple parts after divided by a space or tab.
strtok() replaces these
The bufsz variable is used to store the size of the buf memory region
and pos is used to index a position in this memory. Use size_t for these
variables in the internal handling instead of int to not break with big
files.
Signed-off-by: Hauke Mehrtens
---
file.c | 14 +++---
This is based on Petr's "[PATCH uci 0/6] fixes and improvements" patches.
This fixes an additional heap read overflow and some other problems I
discovered by analyzing and fixing the problem.
Changelog:
v1:
- only "file: Check buffer size after strtok()"
Hauke Mehrtens (4):
file: use size_t
Instead of manually clearing the memory with memset() use calloc().
Signed-off-by: Hauke Mehrtens
---
cli.c| 3 +--
libuci.c | 3 +--
ucimap.c | 6 ++
util.c | 3 +--
4 files changed, 5 insertions(+), 10 deletions(-)
diff --git a/cli.c b/cli.c
index 6ba97ea..267437d 100644
---
Check the return value of malloc() before accessing it.
Signed-off-by: Hauke Mehrtens
---
ucimap.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/ucimap.c b/ucimap.c
index 7c2b043..c46cf45 100644
--- a/ucimap.c
+++ b/ucimap.c
@@ -893,14 +893,16 @@ ucimap_parse(struct
On 10/3/20 9:48 AM, Petr Štetiar wrote:
> LibFuzzer is in-process, coverage-guided, evolutionary fuzzing engine.
>
> LibFuzzer is linked with the library under test, and feeds fuzzed inputs
> to the library via a specific fuzzing entrypoint (aka "target
> function"); the fuzzer then tracks which
On 10/3/20 9:48 AM, Petr Štetiar wrote:
> Use valgrind and uci cli compiled with undefined, address and leak
> sanitizers.
> diff --git a/tests/cram/test-san_uci_import.t
> b/tests/cram/test-san_uci_import.t
> new file mode 100644
> index ..7faed221f93e
> --- /dev/null
> +++
Few months ago there was some debate for how we handle certificate for
luci page: make user to click through certificate warning is not that
great for security so here is a proposal for automatically assign a
worldwide unique subdomain and how to make valid certificate for it, and
make sure we
11 matches