DigitalXeron
Joined: 24 Apr 2007 Posts: 3
|
Posted: Thu Apr 09, 2009 9:50 pm Post subject: Possible integer overflow |
|
|
Hi,
I have discovered a possible integer overflow in the miniupnpc-20090129.tar.gz package. The "Bytes" section of the "-s" parameter only allows entries to go up to 2^32 (4,294,967,296). However, if the counter exceeds this, it loops back to 0 and begins counting up from that again, indicating an integer overflow, thus producing potentially inaccurate results.
Thanks.
Edit:
I have reviewed the source code and it seems as if many of the counters are using unsigned ints, which have an upper limit of 2^32 (4,294,967,296) on 32-bit systems (see: limits.h). This might be what is causing the issue at hand; however, I do not know this codebase sufficiently to make all the changes necessary to convert all of the counters into a more appropriate data type. |
|
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
Posted: Fri Apr 10, 2009 9:08 am Post subject: |
|
|
I agree this limitation should be properly documented, but nobody cares much...
If you really care, you could do a patch using type unsigned long long and function strtoull() by modifying relevant functions in upnpcommands.c. I may do that when I have some free time.
_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
|
|
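The change suggested in the reply above, sketched as an added example (not miniupnpc's own code; the helper names and sample values are assumptions). It contrasts a counter held in 32 bits, which wraps as described in the first post, with one parsed by strtoull() into unsigned long long with input validation.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper names; this is not miniupnpc's own code. */

/* Before: the value ends up in a 32-bit unsigned counter, so anything
 * at or above 2^32 is silently reduced modulo 2^32. */
static uint32_t parse_counter32(const char *s)
{
    return (uint32_t)strtoull(s, NULL, 10);
}

/* After: parse into unsigned long long and reject bad input.
 * Returns 0 on success, -1 on empty, signed, non-numeric or
 * out-of-range text. */
static int parse_counter64(const char *s, unsigned long long *out)
{
    char *end;

    /* strtoull() accepts leading whitespace and a sign; refuse both. */
    if (s == NULL || *s < '0' || *s > '9')
        return -1;
    errno = 0;
    unsigned long long v = strtoull(s, &end, 10);
    if (*end != '\0' || errno == ERANGE)
        return -1;
    *out = v;
    return 0;
}

int main(void)
{
    /* Constructed sample values, as counter text a client might receive. */
    const char *samples[] = { "4294967295", "4294967296", "4294967301", "12abc" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        unsigned long long v = 0;
        int rc = parse_counter64(samples[i], &v);

        printf("%-12s 32-bit=%u 64-bit=", samples[i],
               (unsigned)parse_counter32(samples[i]));
        if (rc == 0)
            printf("%llu\n", v);
        else
            printf("rejected\n");
    }
    return 0;
}
```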
|
DigitalXeron
Joined: 24 Apr 2007 Posts: 3
|
Posted: Fri Apr 10, 2009 9:33 am Post subject: |
|
|
Thanks, I'll see what I can do as far as a patch is concerned. |
|
© 2007 Thomas Bernard, author of MiniUPNP.
|