Skip to content

Fix size_t overflow in Malloc() argument in ReadParams() #77

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Fix size_t overflow in Malloc() argument in ReadParams() #77

wants to merge 1 commit into from

Conversation

@ppisar
Copy link

@ppisar ppisar commented May 19, 2025

There were still two issues after commit
b0eabca (Update fcgiapp.c, Fixing an integer overflow (CVE-2025-23016)):

  • Signed int overflow in "nameLen + valueLen + 2" expression.

  • Sizes of size_t and int types are in general unrelated.

This fix resolves both of the issues.

Related to CVE-2025-23016.
Resolve #67.

@ppisar ppisar mentioned this pull request May 19, 2025
Closed
@ppisar
Fix size_t overflow in Malloc() argument in ReadParams()
7c47639 
There were still two issues after commit
b0eabca (Update fcgiapp.c, Fixing an
integer overflow (CVE-2025-23016)):

* Signed int overflow in "nameLen + valueLen + 2" expression.

* Sizes of size_t and int types are in general unrelated.

This fix resolves both of the issues.

Related to CVE-2025-23016.
Resolve FastCGI-Archives#67.

Signed-off-by: Petr Písař <ppisar@redhat.com>
@ppisar ppisar force-pushed the CVE-2025-23016-malloc branch from a6dd59b to 7c47639 Compare May 19, 2025 13:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Security vulnerability - memory corruption] Integer overflow into heap overflow

1 participant

@ppisar