comment regarding CVE-2015-4141 fix
j at w1.fi
Sat Jun 27 16:44:14 EDT 2015
On Fri, Jun 19, 2015 at 01:41:18PM -0300, Daniel Gutson wrote:
> IIUC, h->chunk_size is a signed integer, whereas a size (IIUC, again)
> should always be positive unless negative numbers have a special meaning.
> Is there any reason not to be sign-correct and declare it as unsigned,
> as a more root solution, rather than add checks spread in the code?
> (since there could already be other places where it could wrap around,
> or could be future uses of it). I acknowledge that the check for the
> upper limit (h->max_bytes) should still be done, but checking a size as
> below to zero may make less sense for future maintainers.
> Maybe redeclare it as size_t?
That would be a significantly more complex patch than the initial fix for
the issue and significantly more work to make sure things are done
correctly. This should also address multiple other variables in
httpread.c. It might be a worthwhile cleanup to do at some point in
Jouni Malinen PGP id EFC895FA
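The two points the thread turns on, a signed chunk_size that can wrap to a negative value and the upper bound against max_bytes that is needed either way, as an added C illustration. This is not code from hostap's httpread.c or from the CVE-2015-4141 patch: the field names chunk_size and max_bytes mirror the discussion, the functions and the sample header values are hypothetical.

```c
/* Added illustration for the thread above; not code from hostap's httpread.c.
 * chunk_size / max_bytes mirror the discussion; the functions are hypothetical. */
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Accumulate a hex chunk-length field into a signed int the way a naive
 * reader might. Arithmetic is done in unsigned so it stays defined; the final
 * conversion of an out-of-range value to int is implementation-defined and
 * wraps to a negative number on two's-complement compilers (GCC, Clang). */
static int chunk_size_from_hex(const char *s)
{
    unsigned int v = 0;
    for (; *s; s++) {
        int d;
        if (*s >= '0' && *s <= '9')      d = *s - '0';
        else if (*s >= 'a' && *s <= 'f') d = *s - 'a' + 10;
        else if (*s >= 'A' && *s <= 'F') d = *s - 'A' + 10;
        else break;                      /* end of the hex digits */
        v = v * 16u + (unsigned int) d;  /* silently wraps modulo 2^32 */
    }
    return (int) v;
}

/* Validation in the shape the thread discusses for a signed chunk_size:
 * reject negatives (the wrapped case, which would become a huge value if
 * later passed to a size_t parameter) and anything above max_bytes. */
static int chunk_size_ok(int chunk_size, int max_bytes)
{
    return chunk_size >= 0 && chunk_size <= max_bytes;
}

/* The same validation if chunk_size were declared size_t as proposed: the
 * lower bound disappears, but the upper bound remains necessary. */
static int chunk_size_ok_unsigned(size_t chunk_size, size_t max_bytes)
{
    return chunk_size <= max_bytes;
}

int main(void)
{
    const char *hdr[] = { "1a", "80000000", "ffffffff" };  /* constructed */
    int max_bytes = 65536;
    for (size_t i = 0; i < sizeof hdr / sizeof hdr[0]; i++) {
        int cs = chunk_size_from_hex(hdr[i]);
        printf("chunk-size %s -> %d (%s)\n", hdr[i], cs,
               chunk_size_ok(cs, max_bytes) ? "accepted" : "rejected");
    }
    return 0;
}
```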