Closed
Bug 818292
Opened 12 years ago
Closed 12 years ago
Unchecked memcpy in nr_stun_msg_create2
Categories
(Core :: WebRTC: Networking, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 818293
People
(Reporter: ekr, Unassigned)
Details
The following code is very unsafe. We need to check length somewhere
or alternately truncate to the buffer length.
int
nr_stun_message_create2(nr_stun_message **msg, UCHAR *buffer, int length)
{
int r,_status;
nr_stun_message *m = 0;
if ((r=nr_stun_message_create(&m)))
ABORT(r);
memcpy(m->buffer, buffer, length);
m->length = length;
*msg = m;
_status=0;
abort:
return(_status);
}
|
Reporter | |
Updated•12 years ago
|
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
|
||
Updated•9 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•