Uploaded image for project: 'IoTivity'
  1. IoTivity
  2. IOT-2122

[Security][Buffer overflow] No check 'ftell' return value

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Undecided
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: IoTivity 1.3.0
    • Component/s: SDK
    • Labels:
      None
    • Found in Version/s:
      1.3.0-RC1
    • Issue Severity:
      Normal
    • Reproducibility:
      Always (100%)
    • Bugzilla ID:
      None

      Description

      ■ Location:

      src/extlibs/rapidjson/rapidjson/test/perftest/perftest.h:85

       

              fseek(fp, 0, SEEK_END);
              length_ = (size_t)ftell(fp);
              fseek(fp, 0, SEEK_SET);
              json_ = (char*)malloc(length_ + 1);
              ASSERT_EQ(length_, fread(json_, 1, length_, fp));

      src/extlibs/rapidjson/rapidjson/test/unittest/encodedstreamtest.cpp:70

      src/extlibs/rapidjson/rapidjson/test/unittest/filestreamtest.cpp:45

      src/extlibs/rapidjson/rapidjson/test/unittest/jsoncheckertest.cpp:42

      src/extlibs/rapidjson/rapidjson/test/unittest/prettywritertest.cpp:152

      src/bridging/plugins/hue_plugin/hue_file.cpp:80 (although there is a check after 'malloc')

      ■ Description:

      'ftell' returns -1 (or unsigned 0xFFFFFFFF on 32-bit system) if there is an error. This will lead that malloc will try to allocate 0 bytes (typically small buffer allocated). But 'fread' will take large number as length.

      ■ Recommended Mitigation:

      Check 'fseek' return value.

      ■ Note (Used Tools or Environments)

      IoTivity_1.3.0_RC1

       

      ============= Request for Defect Modification Comment ==========

      4b3054591ed075e5647561669415494391570ba3
      =========================================================

       

        Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

            • Assignee:
              todd.malsbary Todd Malsbary
              Reporter:
              n.t Nikolay Taranin
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: