In submit_upstream_work, line 452:

The variable s indicates a stack-allocated buffer of a fixed size. Also work->job_id, one of the dangerous-looking arguments, comes straight from the server and I did not see anything that would limit its size (*).
The other dangerous-looking argument is xnonce2str, which has a dynamic size in work->xnonce2_len.
This was fixed in pooler-cpuminer with the following commit. The vulnerability appears to have first been reported here.
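The hardened shape of such a formatting call, as an added example that is not pooler-cpuminer's code: a server-supplied job_id is checked against a length policy before formatting, the xnonce2str length is cross-checked against xnonce2_len, and snprintf's return value is treated as an error on truncation instead of being ignored. The buffer size, the policy limit and the JSON layout are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed illustration (not pooler-cpuminer's code). Names follow the bug
 * described above: a fixed-size stack buffer s receives a string built from
 * job_id (server-controlled, unbounded) and xnonce2str (length xnonce2_len). */

#define SUBMIT_BUF_SIZE 256   /* assumed size of the stack buffer s */
#define MAX_JOB_ID_LEN   64   /* assumed policy limit, not from the page */

/* The unsafe pattern is sprintf(s, "...%s...%s...", job_id, xnonce2str) into
 * char s[SUBMIT_BUF_SIZE]: nothing bounds the copy, so an oversized job_id
 * writes past the end of the stack buffer.
 *
 * build_submit_line is the hardened builder. It returns the number of bytes
 * written, or -1 when input violates policy or the result would not fit. */
int build_submit_line(char *out, size_t out_size,
                      const char *job_id, const char *xnonce2str,
                      size_t xnonce2_len, const char *ntime, const char *nonce)
{
    if (!out || !job_id || !xnonce2str || !ntime || !nonce)
        return -1;
    /* Reject a job_id with no terminator within the policy limit, without
     * scanning further than that limit. */
    if (memchr(job_id, '\0', MAX_JOB_ID_LEN + 1) == NULL)
        return -1;
    /* xnonce2str is hex, so it must be exactly 2 * xnonce2_len characters. */
    if (strlen(xnonce2str) != 2 * xnonce2_len)
        return -1;
    int n = snprintf(out, out_size,
                     "{\"method\": \"mining.submit\", "
                     "\"params\": [\"%s\", \"%s\", \"%s\", \"%s\"]}",
                     job_id, xnonce2str, ntime, nonce);
    /* snprintf reports the length it wanted; n >= out_size means truncation. */
    if (n < 0 || (size_t)n >= out_size)
        return -1;
    return n;
}

int main(void)
{
    char s[SUBMIT_BUF_SIZE];  /* the fixed-size stack buffer */
    int n = build_submit_line(s, sizeof s, "abc123", "00000001", 4,
                              "5e1f0000", "deadbeef");
    printf("%d bytes: %s\n", n, n > 0 ? s : "(rejected)");
    return 0;
}
```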