Re: Some question about CVE-2019-3823

From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Thu, 2 Jan 2025 10:52:40 +0100 (CET)

On Thu, 2 Jan 2025, ³ÂÐÇèÆ via curl-library wrote:

> Hello, I know the root cause of CVE-2019-3823[1] is that the strtol() call
> reads beyond the allocated buffer[3]. So I think the root cause statement
> should be line 211: "*resp = curlx_sltosi(strtol(line, NULL, 10));". But the
> website tells me the vulnerability-introducing commit is 2766262a68[2]. In
> that commit, 'len == 5' is introduced, but I think it is not the
> vulnerability-introducing commit. Commit 5db0a412ff[4] is the commit that
> introduced the function call 'strtol'.

I disagree. You need to read the logic around the strtol() code: the problem
was introduced by the additional (bad) logic in 2766262a68. Before that
change, the strtol() call was fine.

-- 
  / daniel.haxx.se || https://rock-solid.curl.dev
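
An added illustration of the point in the reply above (a constructed model, not curl's source and not code from either poster): the same strtol() call is safe or unsafe depending on the guard in front of it. The function names, the space-delimiter check and the sample buffer are assumptions of this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model, not curl source. `line` has `len` valid bytes and no
   NUL terminator; whatever follows in memory is not part of the line. */
static int three_digits(const char *line, size_t len)
{
  return len >= 4 && isdigit((unsigned char)line[0]) &&
         isdigit((unsigned char)line[1]) && isdigit((unsigned char)line[2]);
}

/* Strict guard: line[3] must be a space, so strtol() always meets a
   non-digit inside the valid bytes. Returns -1 when the line is rejected. */
long parse_strict(const char *line, size_t len)
{
  if(!three_digits(line, len) || line[3] != ' ')
    return -1;
  return strtol(line, NULL, 10);
}

/* Loosened guard: any 5-byte line is accepted too. Nothing guarantees a
   stop byte within len any more, so the unchanged strtol() can run past it. */
long parse_loose(const char *line, size_t len)
{
  if(!three_digits(line, len) || (line[3] != ' ' && len != 5))
    return -1;
  return strtol(line, NULL, 10);
}

/* Same loosened guard, but parse a bounded, NUL-terminated copy. */
long parse_bounded(const char *line, size_t len)
{
  char tmp[6] = {0};
  if(!three_digits(line, len) || (line[3] != ' ' && len != 5))
    return -1;
  memcpy(tmp, line, len == 5 ? 5 : 3);
  return strtol(tmp, NULL, 10);
}

int main(void)
{
  /* Constructed memory: a 5-byte "line" followed by unrelated digits. */
  const char mem[] = "1234567890";
  printf("strict=%ld loose=%ld bounded=%ld\n",
         parse_strict(mem, 5), parse_loose(mem, 5), parse_bounded(mem, 5));
  return 0;
}
```

The strtol() line is identical in parse_strict and parse_loose; only the condition that admits input to it differs.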


Received on 2025-01-02