search

Karlson2k / libmicrohttpd

GNU libmicrohttpd repository unofficial mirror on GitHub
https://www.gnu.org/software/libmicrohttpd/
Other
101 stars 29 forks source link

Invalid memory access in connection.c #19

Closed otirafuu closed 1 year ago

otirafuu commented 1 year ago

In https://github.com/Karlson2k/libmicrohttpd/blob/master/src/microhttpd/connection.c#L5437 The memory copy seems to be invalid since both client_addr and addr are pointers and the memcpy plays with their address with addr_len, which seems to be invalid. 

      memcpy (&connection->connection_info_dummy.client_addr,
              &connection->addr,
              (size_t) connection->addr_len);
Karlson2k commented 1 year ago

Nice catch. Thanks! Should be fixed by 31ce530d6b9757f5489aa943d53553dc8a045f20.