Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update ember code to enforce buffer size safety #4394

Open
andy31415 opened this issue Jan 15, 2021 · 1 comment
Open

Update ember code to enforce buffer size safety #4394

andy31415 opened this issue Jan 15, 2021 · 1 comment
Assignees
@bzbarsky-apple
Labels
security V1.X
Milestone
V0.7

Comments

@andy31415
Copy link
Contributor

Problem

#4382 highlights missing output buffer limits in ember code.
Specifically for data writes, no output buffer size is provided or validated.

Proposed Solution

We should use more BufBound or similar to ensure no buffer overflows.

Ideally we should also refactor for no method to be named with 'OR' and rely on needing to read documentation to understand (i.e. method name and args should make it obvious what it does).
@andy31415 andy31415 mentioned this issue Jan 15, 2021
Merged
@bzbarsky-apple
Copy link
Contributor

In particular, this is about emAfReadOrWriteAttribute and typeSensitiveMemCopy.

@bzbarsky-apple bzbarsky-apple self-assigned this Jan 16, 2021
@woody-apple woody-apple added this to the V0.7 milestone Feb 3, 2021
@woody-apple woody-apple added the p1 priority 1 work label Feb 3, 2021
@woody-apple woody-apple added V1.0 and removed V0.7 labels Oct 27, 2021
@woody-apple woody-apple added V1.X and removed V1.0 v1_secondary_triage p1 priority 1 work labels Feb 7, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bzbarsky-apple bzbarsky-apple

Labels
security V1.X
Projects
None yet
Milestone
V0.7
Development

No branches or pull requests
4 participants
@andy31415 @cecille @woody-apple @bzbarsky-apple