Check for potential buffer overflow in ecdecode.c ??

Langer, Christoph christoph.langer at sap.com
Wed Aug 26 14:22:34 UTC 2015


Hi,

when running Coverity checks on src/jdk.crypto.ec/share/native/libsunec/impl/ecdecode.c we had a finding that potentially the buffer "genenc" in function "gf_populate_params" could be exceeded as the length of input strings for the strcat operations is not checked. A check to satisfy Coverity could look like:
http://cr.openjdk.java.net/~goetz/webrevs/ecdecode-strlen/webrev.01/

However, I'm not sure if that is really valuable. The data used for the strcat operations is defined rather statically in ecl-curve.h and as of now the buffer would not be exceeded in any case.

Any opinions about this check?

Best regards
Christoph
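
A sketch of the kind of length check the message discusses, added here as an illustration; it is not the code from the linked webrev or from ecdecode.c. It assumes the buffer is filled with a short prefix followed by two coordinate strings; the function name build_genenc, the prefix "04", the buffer size and the sample strings are all constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed size for illustration; not the value used in ecdecode.c. */
#define GENENC_SIZE 16

/*
 * Build prefix || x || y into out (capacity out_size, including the NUL).
 * Returns 0 on success, -1 if an argument is NULL or the result would not
 * fit. On failure out is left as an empty string when possible.
 */
static int build_genenc(char *out, size_t out_size,
                        const char *prefix, const char *x, const char *y)
{
    size_t plen, xlen, ylen, room;

    if (out == NULL || out_size == 0)
        return -1;
    out[0] = '\0';
    if (prefix == NULL || x == NULL || y == NULL)
        return -1;

    plen = strlen(prefix);
    xlen = strlen(x);
    ylen = strlen(y);

    /* Check by subtraction so the sum of the lengths can never wrap. */
    room = out_size - 1;            /* bytes available before the NUL */
    if (plen > room) return -1;
    room -= plen;
    if (xlen > room) return -1;
    room -= xlen;
    if (ylen > room) return -1;

    /* Lengths are validated, so plain memcpy replaces the strcat calls. */
    memcpy(out, prefix, plen);
    memcpy(out + plen, x, xlen);
    memcpy(out + plen + xlen, y, ylen);
    out[plen + xlen + ylen] = '\0';
    return 0;
}

int main(void)
{
    char genenc[GENENC_SIZE];
    /* Constructed inputs: 2 + 6 + 6 = 14 chars fit, 2 + 8 + 6 = 16 do not. */
    printf("%d\n", build_genenc(genenc, sizeof genenc, "04", "aabbcc", "ddeeff"));
    printf("%d\n", build_genenc(genenc, sizeof genenc, "04", "aabbccdd", "ddeeff"));
    return 0;
}
```

Even when the inputs are static tables today, a check of this shape turns a later oversized table entry into an error return instead of a write past the buffer.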
