comment regarding CVE-2015-4141 fix

Daniel Gutson daniel.gutson
Fri Jun 19 09:41:18 PDT 2015


This is my first post regarding a CVE, and I'm not sure this is the
right place, so sorry if it isn't.

IIUC, h->chunk_size is a signed integer, whereas a size (IIUC, again)
should always be positive unless negative numbers have a special meaning.
Is there any reason not to be sign-correct and declare it as unsigned,
as a more root solution, rather than adding checks spread across the code?
(There could already be other places where it could wrap around, or
there could be future uses of it.) I acknowledge that the check for the
upper limit (h->max_bytes) should still be done, but checking whether a
size is below zero may make less sense for future maintainers.
Maybe redeclare it as size_t?

Please let me know if I'm too wrong.




Daniel F. Gutson
Chief Engineering Officer, SPD

San Lorenzo 47, 3rd Floor, Office 5
Córdoba, Argentina

Phone:   +54 351 4217888 / +54 351 4218211
Skype:    dgutson
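
The trade-off raised in the message above, as an added example (not part of the original post and not hostap code): a chunk-size field parsed straight into a size_t, with the upper-limit check kept. The struct layout, the got_bytes field and the function name parse_chunk_size are hypothetical; only chunk_size and max_bytes are names taken from the post.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical reader state; chunk_size and max_bytes are named in the
 * post, got_bytes and the layout are assumptions made for this example. */
struct reader {
    size_t max_bytes;   /* total body bytes the caller will accept */
    size_t got_bytes;   /* body bytes already stored (<= max_bytes) */
    size_t chunk_size;  /* size of the current chunk, unsigned */
};

/*
 * Parse the hex size field of a chunk header into h->chunk_size.
 * Returns 0 on success, -1 if the field is malformed or over budget.
 * Digits are consumed by hand: strtoul() would accept a leading '-'
 * and wrap "-1" to ULONG_MAX, so an unsigned type alone is not enough.
 */
int parse_chunk_size(struct reader *h, const char *field)
{
    const char *p = field;
    size_t v = 0;

    if (!isxdigit((unsigned char)*p))
        return -1;                      /* empty, signed, or not hex */

    for (; isxdigit((unsigned char)*p); p++) {
        unsigned char c = (unsigned char)*p;
        size_t d = isdigit(c) ? (size_t)(c - '0')
                              : (size_t)(tolower(c) - 'a' + 10);
        if (v > (SIZE_MAX - d) / 16)
            return -1;                  /* v * 16 + d would wrap around */
        v = v * 16 + d;
    }

    /* Only a chunk extension or the end of the line may follow. */
    if (*p != '\0' && *p != ';' && *p != '\r' && *p != '\n')
        return -1;

    /* The upper-limit check is still required. It is written as a
     * subtraction so that got_bytes + v cannot wrap past max_bytes. */
    if (h->got_bytes > h->max_bytes || v > h->max_bytes - h->got_bytes)
        return -1;

    h->chunk_size = v;
    return 0;
}
```

With an unsigned field the "below zero" test disappears, but the parser then has to reject signs and overflow itself, and the remaining-budget comparison has to be wrap-safe.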
