_az_json_writer_escape_and_copy( ) - Out-Of-Bounds Write (CWE-787) #2238

Open
ericwol-msft opened this issue Jun 16, 2022 · 0 comments
Overshoots the allocated memory for the destination, which leads to overwriting other variables in adjacent memory.
File: src\azure\core\az_json_writer.c
API: _az_json_writer_escape_and_copy ( )
Line: 379
Issue: During encoding, if the source contains:

  • 2 or more Escape Characters.
    Example: ‘\\’, ‘”’, ‘\b’, ‘\n’, ‘\r’, ‘\t’, etc.
    Each character requires 1 additional Byte.
  • 1 or more Unicode Escape Sequences.
    Example: ‘\0’, ‘ACK’, ‘BS’, ‘ESC’, etc.
    Each character requires 5 additional Bytes.

Solution:
A condition needs to be added after L:378 that checks for the availability of sufficient Memory Buffer in remaining_destination, in every iteration, depending on the type of character ch.


@ghost ghost added the needs-triage This is a new issue that needs to be triaged to the appropriate team. label Jun 16, 2022
@RickWinter RickWinter added bug This issue requires a change to an existing behavior in the product in order to be resolved. Client This issue points to a problem in the data-plane of the library. Azure.Core labels Jun 20, 2022
@ghost ghost removed the needs-triage This is a new issue that needs to be triaged to the appropriate team. label Jun 20, 2022
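The per-iteration check the issue asks for, as an added example that is not the SDK's code or the fix that was eventually applied. The names `escaped_len` and `escape_and_copy_checked` are hypothetical, and the byte costs follow the issue's description: 2 output bytes for a short escape, 6 for a `\u00XX` sequence.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper: output bytes needed for one source byte. */
static size_t escaped_len(uint8_t ch)
{
  switch (ch) {
    case '\\': case '"': case '\b': case '\f': case '\n': case '\r': case '\t':
      return 2; /* backslash + one character: 1 additional byte */
    default:
      return ch < 0x20 ? 6 : 1; /* \u00XX: 5 additional bytes */
  }
}

/* Returns 0 and sets *written, or -1 before any write would pass dst_size. */
int escape_and_copy_checked(uint8_t *dst, size_t dst_size, const uint8_t *src,
                            size_t src_len, size_t *written)
{
  static const char hex[] = "0123456789ABCDEF";
  size_t out = 0;
  for (size_t i = 0; i < src_len; i++) {
    uint8_t ch = src[i];
    size_t need = escaped_len(ch);
    if (need > dst_size - out) /* checked every iteration; out <= dst_size */
      return -1;
    if (need == 1) {
      dst[out++] = ch;
    } else if (need == 2) {
      uint8_t e = ch; /* '\\' and '"' escape as themselves */
      if (ch == '\b') e = 'b'; else if (ch == '\f') e = 'f';
      else if (ch == '\n') e = 'n'; else if (ch == '\r') e = 'r';
      else if (ch == '\t') e = 't';
      dst[out++] = '\\';
      dst[out++] = e;
    } else {
      const uint8_t u[6] = { '\\', 'u', '0', '0', hex[ch >> 4], hex[ch & 0xF] };
      memcpy(dst + out, u, sizeof u);
      out += sizeof u;
    }
  }
  *written = out;
  return 0;
}
```

On failure the destination may hold a partial result, so a caller should treat its contents as undefined when -1 is returned.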