Open Development / OPEN-308

CURL API usage error in llcorehttp

    Details

    • Type: Bug
    • Status: Open
    • Priority: Unset
    • Resolution: Unresolved
    • Component/s: None
    • Labels:
      None
    • Patch attached:
      Patch attached

      Description

      The HttpLibcurl::completeRequest function in llcorehttp/_httplibcurl.cpp calls curl_easy_getinfo() with the function code CURLINFO_RESPONSE_CODE. It passes a pointer to an int as the argument. The CURL API documentation specifies that this call requires a pointer to a long. This may or may not cause a crash if the library tries to write to a larger memory field than was allocated.

      Since the function is defined in CURL with varargs, no type checking is done on the argument. Hence, this code will build fine, even if the wrong argument type is passed.
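The size mismatch described above, as an added example that is not part of the original report or the llcorehttp source. `fake_getinfo`, its `FAKE_*` codes and the returned values are hypothetical stand-ins for a varargs call that, like `CURLINFO_RESPONSE_CODE`, stores a `long` through whatever pointer it receives; the second function shows the corrected calling pattern.

```c
#include <limits.h>
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

enum { FAKE_RESPONSE_CODE = 0, FAKE_ALL_ONES = 1 };   /* hypothetical codes */

/* Hypothetical varargs API: the compiler cannot check the trailing
 * argument, and the callee always stores a full long through it. */
static void fake_getinfo(int info, ...)
{
    va_list ap;
    long *out;
    va_start(ap, info);
    out = va_arg(ap, long *);
    va_end(ap);
    *out = (info == FAKE_ALL_ONES) ? -1L : 200L;   /* constructed values */
}

/* Counts the bytes of the long-sized store that lie beyond sizeof(int),
 * i.e. what would land outside the object if the caller had passed int*. */
static size_t bytes_written_past_int(void)
{
    long slot = 0;
    const unsigned char *p = (const unsigned char *)&slot;
    size_t i, past = 0;
    fake_getinfo(FAKE_ALL_ONES, &slot);            /* -1L sets every byte to 0xFF */
    for (i = sizeof(int); i < sizeof slot; i++)
        if (p[i] == 0xFF) past++;
    return past;
}

/* Corrected pattern: receive into a long, then narrow with a range check. */
static int get_status(int *status)
{
    long code = 0;
    fake_getinfo(FAKE_RESPONSE_CODE, &code);
    if (code < INT_MIN || code > INT_MAX) return -1;
    *status = (int)code;
    return 0;
}

int main(void)
{
    int status = 0;
    printf("sizeof(int)=%zu sizeof(long)=%zu bytes past an int slot=%zu\n",
           sizeof(int), sizeof(long), bytes_written_past_int());
    if (get_status(&status) == 0) printf("status=%d\n", status);
    return 0;
}
```

On LP64 targets (64-bit Linux and macOS) the count is 4; on LLP64 targets (64-bit Windows) `int` and `long` are the same size and the count is 0, which is why the mistake can go unnoticed on one platform and corrupt adjacent memory on another.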

            People

            Assignee:
            Unassigned
            Reporter:
            Tonya Souther (tonya.souther)