miniupnp.tuxfamily.org Forum Index miniupnp.tuxfamily.org
The forum about miniupnp and libnatpmp
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Possible integer overflow

 
Post new topic   Reply to topic    miniupnp.tuxfamily.org Forum Index -> miniupnpc Bugs
View previous topic :: View next topic  
Author Message
DigitalXeron



Joined: 24 Apr 2007
Posts: 3

PostPosted: Thu Apr 09, 2009 9:50 pm    Post subject: Possible integer overflow Reply with quote

Hi,

I have discovered a possible integer overflow in the miniupnpc-20090129.tar.gz package. The "Bytes" section of the "-s" parameter only allows entries to go up to 2^32 (4,294,967,296). However, if the counter exceeds this, it loops back to 0 and begins counting up from that again, indicating an integer overflow, thus producing potentially inaccurate results.

Thanks.

Edit:
I have reviewed the source code and it seems as if many of the counters are using unsigned ints, which have an upper limit of 2^32 (4,294,967,296) on 32-bit systems (see: limits.h). This might be what is causing the issue at hand, however, I do not know this codebase sufficiently to make all changes nessasary to convert the all of the counters into a more appropreate data type.
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1525

PostPosted: Fri Apr 10, 2009 9:08 am    Post subject: Reply with quote

I agree this limitation should be properly documented.
but nobody cares much...

If you really care, you could do a patch using type unsigned long long and function strtoull() by modifying relevant functions in upnpcommands.c. I'll may do that when I had some free time.
_________________
Main miniUPnP author.
http://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
DigitalXeron



Joined: 24 Apr 2007
Posts: 3

PostPosted: Fri Apr 10, 2009 9:33 am    Post subject: Reply with quote

Thanks, I'll see what I can do as far as a patch is concerned.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    miniupnp.tuxfamily.org Forum Index -> miniupnpc Bugs All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group
Protected by Anti-Spam ACP
© 2007 Thomas Bernard, author of MiniUPNP.