encoder_append_var buffer overflow

named-data-iot / ndn-lite

A lightweight NDN protocol stack with high-level application support including security bootstrapping, access control, trust management, etc.

https://ndn-lite.named-data.net

GNU Lesser General Public License v3.0

44 stars 16 forks source link

encoder_append_var buffer overflow #15

Closed yoursunny closed 5 years ago

yoursunny commented 5 years ago

As of 8d097581e70998c34f0d69933dd153b07fe28c04, encoder_append_var checks whether appending a number would exceed output_max_size in 3-octet case, but not in 1-octet and 5-octet cases.

Zhiyi-Zhang commented 5 years ago

Commit 7ab17e0 will address this issue. Thank you for pointing this out.