comment regarding CVE-2015-4141 fix
Fri Jun 19 09:41:18 PDT 2015
this is my first post regarding CVE, and I'm not sure this is the
right place, so sorry if it isn't.
IIUC, h->chunk_size is a signed integer, whereas a size (IIUC, again)
should always be positive unless
negative numbers have a special meaning.
Is there any reason not to be sign-correct and declare it as unsigned,
as a more root solution, rather than
add checks spread in the code? (since there could already be other
places where it could wrap around, or
could be future uses of it). I acknowledge that the check for the
upper limit (h->max_bytes) should still
be done, but checking a size as below to zero may make less sense for
Maybe redeclare it as size_t?
Please let me know if I'm too wrong.
Daniel F. Gutson
Chief Engineering Officer, SPD
San Lorenzo 47, 3rd Floor, Office 5
Phone: +54 351 4217888 / +54 351 4218211
More information about the Hostap