ripple / crypto-conditions

A Java implementation of Crypto-Conditions (draft-thomas-crypto-conditions)
Apache License 2.0

Fix potential large memory allocation in DerInputStream #43

Closed nhartner closed 3 months ago

nhartner commented 3 months ago

The object length limit check was adding 2 int values which could result in an overflow exception, allowing very large lengths to bypass the limit enforcement. Now the limit check casts the value to a long before doing addition to avoid integer overflow.
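As an added illustration of the bug class this PR describes (not code from the crypto-conditions repository), the following Java compares an `int`-only limit check with the widened `long` form. The class, method and variable names and the 1 MiB limit are hypothetical, and the `Math.addExact` variant is an alternative not mentioned in the PR.

```java
// Added example: names and values are hypothetical, not taken from DerInputStream.
public class LengthLimitCheck {

    // Overflow-prone form: both operands are int, so a large declared length
    // makes the sum wrap silently to a negative value that is never > limit.
    static boolean exceedsLimitInt(int bytesRead, int declaredLength, int limit) {
        return bytesRead + declaredLength > limit;
    }

    // Form described in the PR: widen to long before adding, so the sum
    // is computed in 64 bits and cannot wrap for any pair of int inputs.
    static boolean exceedsLimitLong(int bytesRead, int declaredLength, int limit) {
        return (long) bytesRead + declaredLength > limit;
    }

    // Alternative (assumption, not from the PR): let the JDK detect the
    // overflow and treat it as "over the limit".
    static boolean exceedsLimitExact(int bytesRead, int declaredLength, int limit) {
        try {
            return Math.addExact(bytesRead, declaredLength) > limit;
        } catch (ArithmeticException overflow) {
            return true;
        }
    }

    public static void main(String[] args) {
        int limit = 1 << 20;  // constructed 1 MiB object-size cap
        int bytesRead = 16;   // constructed: bytes consumed before this object
        // Constructed declared lengths: small, at the cap, and near Integer.MAX_VALUE.
        int[] declared = {1024, limit, Integer.MAX_VALUE - 8, Integer.MAX_VALUE};

        for (int len : declared) {
            System.out.printf("declared=%-11d int=%-5b long=%-5b addExact=%b%n",
                    len,
                    exceedsLimitInt(bytesRead, len, limit),
                    exceedsLimitLong(bytesRead, len, limit),
                    exceedsLimitExact(bytesRead, len, limit));
        }
        // For the two lengths near Integer.MAX_VALUE the int check reports
        // false (limit not enforced) while the other two checks report true.
    }
}
```

A decoder that sizes a buffer from the declared length only after this check passes is what turns the wrapped sum into a large allocation.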

codecov-commenter commented 3 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 82.77%. Comparing base (f50ad63) to head (c79b2cf).

Additional details and impacted files

```diff
@@             Coverage Diff              @@
##             master      #43      +/-   ##
============================================
+ Coverage     82.32%   82.77%   +0.44%
- Complexity      174      176       +2
============================================
  Files            33       33
  Lines          1126     1126
  Branches         99       99
============================================
+ Hits            927      932       +5
+ Misses          153      149       -4
+ Partials         46       45       -1
```
