comment regarding CVE-2015-4141 fix

Daniel Gutson daniel.gutson at tallertechnologies.com
Fri Jun 19 12:41:18 EDT 2015


Hi,

 this is my first post regarding CVE, and I'm not sure this is the
right place, so sorry if it isn't.

IIUC, h->chunk_size is a signed integer, whereas a size (IIUC, again)
should always be positive unless
negative numbers have a special meaning.
Is there any reason not to be sign-correct and declare it as unsigned,
as a more root solution, rather than
add checks spread in the code? (since there could already be other
places where it could wrap around, or
could be future uses of it). I acknowledge that the check for the
upper limit (h->max_bytes) should still
be done, but checking a size as below to zero may make less sense for
future maintainers.
Maybe redeclare it as size_t?

Please let me know if I'm too wrong.

Thanks!

   Daniel.

--

Daniel F. Gutson
Chief Engineering Officer, SPD

San Lorenzo 47, 3rd Floor, Office 5
Córdoba, Argentina

Phone:   +54 351 4217888 / +54 351 4218211
Skype:    dgutson
LinkedIn: http://ar.linkedin.com/in/danielgutson


More information about the HostAP mailing list