加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
克隆/下载
backport-0004-CVE-2020-14355.patch 1.12 KB
一键复制 编辑 原始数据 按行查看 历史
靳智敏 提交于 2021-02-23 14:56 . fix CVE-2020-14355
From b24fe6b66b86e601c725d30f00c37e684b6395b6 Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <freddy77@gmail.com>
Date: Thu, 30 Apr 2020 10:19:09 +0100
Subject: [PATCH] quic: Avoid possible buffer overflow in find_bucket
Proved by fuzzing the code.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Uri Lublin <uril@redhat.com>
---
subprojects/spice-common/common//quic_family_tmpl.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/subprojects/spice-common/common/quic_family_tmpl.c
+++ b/subprojects/spice-common/common/quic_family_tmpl.c
@@ -105,7 +105,12 @@ static s_bucket *FNAME(find_bucket)(Chan
spice_assert(val < (0x1U << BPC));
}
- return channel->_buckets_ptrs[val];
+ /* The and (&) here is to avoid buffer overflows in case of garbage or malicious
+ * attempts. Is much faster then using comparisons and save us from such situations.
+ * Note that on normal build the check above won't be compiled as this code path
+ * is pretty hot and would cause speed regressions.
+ */
+ return channel->_buckets_ptrs[val & ((1U << BPC) - 1)];
}
#undef FNAME
--
GitLab
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化