slact / nchan

Fast, horizontally scalable, multiprocess pub/sub queuing server and proxy for HTTP, long-polling, Websockets and EventSource (SSE), powered by Nginx.
https://nchan.io/

Potential integer overflow in sds.c #682

Closed Crispy-fried-chicken closed 4 months ago

Crispy-fried-chicken commented 5 months ago

The sdsnewlen and sdsMakeRoomFor functions implemented in sds.c are quite similar to those in Redis. Thus, it's very likely that the integer overflow in CVE-2021-21309 also affects nchan. Here is the patch for CVE-2021-21309 for your reference, if this issue needs to be fixed. Could you help check whether this bug is real? If it is, I'd like to open a PR for it if necessary. Thank you for your effort and patience!
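For readers unfamiliar with the CVE referenced above, here is an added, generic illustration of the size-arithmetic check that the Redis fix for CVE-2021-21309 introduced in sdsnewlen and sdsMakeRoomFor. It is not nchan's or Redis's code: the `toy_sds` struct, the `TOY_HDR` macro and every `toy_*` function are hypothetical stand-ins, and the example says nothing about whether nchan's copy of sds.c can ever be reached with an attacker-controlled length. It only shows how `len + addlen` (or `initlen + hdrlen + 1`) wraps in `size_t`, so that an unchecked caller asks the allocator for a tiny buffer while believing it owns a huge one, and how a single comparison rejects that case.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical minimal sds-like string: header with length and allocation
 * size, followed by the bytes and a trailing NUL (not nchan's real layout). */
typedef struct {
    size_t len;
    size_t alloc;
    char buf[];
} toy_sds;

/* Header bytes that must be reserved in front of the payload. */
#define TOY_HDR sizeof(toy_sds)

/* Unchecked allocation size for a new string of initlen bytes, as a naive
 * sdsnewlen would compute it. Unsigned wrap-around is well defined in C, so
 * for initlen close to SIZE_MAX this silently yields a tiny request. */
size_t toy_alloc_size_unchecked(size_t initlen) {
    return initlen + TOY_HDR + 1;
}

/* Checked variant following the pattern of the Redis fix: if the sum is not
 * larger than the operand we started from, it wrapped. Returns false then. */
bool toy_alloc_size_checked(size_t initlen, size_t *out) {
    size_t total = initlen + TOY_HDR + 1;
    if (total <= initlen) return false;   /* catch size_t overflow */
    *out = total;
    return true;
}

/* sdsMakeRoomFor-style growth: the new length must not wrap past len. */
bool toy_grow_size_checked(size_t len, size_t addlen, size_t *out) {
    size_t newlen = len + addlen;
    if (newlen < len) return false;       /* catch size_t overflow */
    *out = newlen;
    return true;
}

/* Safe constructor: refuses to allocate when the size computation wrapped,
 * otherwise copies initlen bytes from init and NUL-terminates. */
toy_sds *toy_sds_new(const void *init, size_t initlen) {
    size_t total;
    if (!toy_alloc_size_checked(initlen, &total)) return NULL;
    toy_sds *s = malloc(total);
    if (s == NULL) return NULL;
    s->len = initlen;
    s->alloc = initlen;
    if (init != NULL && initlen > 0) memcpy(s->buf, init, initlen);
    s->buf[initlen] = '\0';
    return s;
}

int main(void) {
    /* Constructed input: a length that wraps the size computation. */
    size_t huge = SIZE_MAX;
    printf("unchecked request for SIZE_MAX bytes: %zu bytes (wrapped)\n",
           toy_alloc_size_unchecked(huge));

    size_t n;
    printf("checked request for SIZE_MAX bytes: %s\n",
           toy_alloc_size_checked(huge, &n) ? "accepted" : "rejected");
    printf("grow 100 by SIZE_MAX-50: %s\n",
           toy_grow_size_checked(100, SIZE_MAX - 50, &n) ? "accepted" : "rejected");

    toy_sds *s = toy_sds_new("hello", 5);
    if (s != NULL) {
        printf("normal allocation: len=%zu buf=\"%s\"\n", s->len, s->buf);
        free(s);
    }
    return 0;
}
```

The same comparison works on 32-bit builds, where `size_t` is 32 bits and the wrap is reachable with lengths an HTTP client can plausibly send; that width difference is why the original Redis advisory affected 32-bit builds. Whether any such length reaches these functions in a given program is a separate question that this check alone does not answer.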

slact commented 4 months ago

Low-effort PR clout-chasing. I will let you figure out yourself why this is not relevant.