Closed
Bug 818292
Opened 12 years ago
Closed 12 years ago
Unchecked memcpy in nr_stun_msg_create2
Categories
(Core :: WebRTC: Networking, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 818293
People
(Reporter: ekr, Unassigned)
Details
The following code is very unsafe. We need to check length somewhere or alternately truncate to the buffer length. int nr_stun_message_create2(nr_stun_message **msg, UCHAR *buffer, int length) { int r,_status; nr_stun_message *m = 0; if ((r=nr_stun_message_create(&m))) ABORT(r); memcpy(m->buffer, buffer, length); m->length = length; *msg = m; _status=0; abort: return(_status); }
Reporter | ||
Updated•12 years ago
|
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Updated•9 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•