
Issue 162066


Issue metadata

Status: Fixed
Owner:
Closed: Dec 2012
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug-Security




LOGFONT IPC deserializer doesn't require NULL terminated lfFaceName

Project Member Reported by jsc...@chromium.org, Nov 20 2012

Issue description

Not sure you can do much with this because it's fed directly to the OS, but it scares me.
 
Project Member

Comment 1 by bugdroid1@chromium.org, Nov 21 2012

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=168937

------------------------------------------------------------------------
r168937 | jschuh@chromium.org | 2012-11-21T00:58:00.263222Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/ipc/ipc_message_utils.cc?r1=168937&r2=168936&pathrev=168937

Verify lfFaceName is NUL terminated in IPC deserializer.

BUG= 162066 

Review URL: https://chromiumcodereview.appspot.com/11416115
------------------------------------------------------------------------
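
The check named in the commit message above, sketched as an added example (not the Chromium change itself and not part of the original thread): a deserializer for a fixed-size struct that rejects any payload whose embedded name array has no terminator. `font_msg`, `face_len`, `read_font_msg` and `demo` are hypothetical names, and `font_msg` is a portable stand-in for the Windows `LOGFONT` struct that borrows only its 32-element face-name length.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FACE_SIZE 32 /* same element count as Windows LF_FACESIZE */

/* Hypothetical stand-in for LOGFONT: plain fields plus a fixed name array. */
typedef struct {
    int32_t  height;
    int32_t  weight;
    uint16_t face_name[FACE_SIZE]; /* UTF-16 code units; must contain a NUL */
} font_msg;

/* Bounded scan: returns FACE_SIZE when the array holds no terminator. */
static size_t face_len(const uint16_t *s)
{
    size_t n = 0;
    while (n < FACE_SIZE && s[n] != 0)
        n++;
    return n;
}

/* Returns 1 and fills *out only for an exact-size payload whose name is
 * terminated inside the array; otherwise returns 0 and leaves *out alone. */
int read_font_msg(const void *data, size_t size, font_msg *out)
{
    font_msg tmp;
    if (data == NULL || out == NULL || size != sizeof(font_msg))
        return 0;
    memcpy(&tmp, data, sizeof tmp); /* payload bytes may be unaligned */
    if (face_len(tmp.face_name) >= FACE_SIZE)
        return 0; /* a later string read would run past the struct */
    *out = tmp;
    return 1;
}

/* Constructed payload: name filled with 'A', NUL at index nul_at (or none
 * if nul_at < 0), with `cut` bytes dropped from the end of the message. */
int demo(int nul_at, size_t cut)
{
    font_msg wire = {12, 400, {0}}, parsed;
    for (int i = 0; i < FACE_SIZE; i++)
        wire.face_name[i] = 'A';
    if (nul_at >= 0 && nul_at < FACE_SIZE)
        wire.face_name[nul_at] = 0;
    return read_font_msg(&wire, sizeof wire - cut, &parsed);
}

int main(void) { return demo(-1, 0) == 0 && demo(5, 0) == 1 ? 0 : 1; }
```

The scan is bounded by the array size, so the validation itself never reads past the received bytes, and an empty name (NUL at index 0) is still accepted.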

Comment 2 by jsc...@chromium.org, Nov 21 2012

Labels: Merge-Approved
Status: FixUnreleased

Comment 3 by jsc...@chromium.org, Nov 26 2012

Labels: Audit-IPC
Labels: -Restrict-View-SecurityTeam -Merge-Approved Restrict-View-SecurityNotify Merge-Merged
Project Member

Comment 5 by bugdroid1@chromium.org, Nov 30 2012

Labels: merge-merged-1312
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=170566

------------------------------------------------------------------------
r170566 | cevans@chromium.org | 2012-11-30T22:03:14.181152Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/1312/src/ipc/ipc_message_utils.cc?r1=170566&r2=170565&pathrev=170566

Merge 168937 - Verify lfFaceName is NUL terminated in IPC deserializer.

BUG= 162066 

Review URL: https://chromiumcodereview.appspot.com/11416115

TBR=jschuh@chromium.org
Review URL: https://codereview.chromium.org/11412282
------------------------------------------------------------------------
Labels: Release-0

Comment 7 by jsc...@chromium.org, Dec 20 2012

Status: Fixed
Labels: CVE-2013-0830
Project Member

Comment 9 by bugdroid1@chromium.org, Mar 10 2013

Labels: -Type-Security -Area-Internals -SecSeverity-Low -SecImpacts-Stable -SecImpacts-Beta -Mstone-24 Security-Severity-Low Security-Impact-Stable Security-Impact-Beta Cr-Internals M-24 Type-Bug-Security
Labels: -Restrict-View-SecurityNotify
Project Member

Comment 11 by bugdroid1@chromium.org, Mar 21 2013

Labels: -Security-Severity-Low Security_Severity-Low
Project Member

Comment 12 by bugdroid1@chromium.org, Mar 21 2013

Labels: -Security-Impact-Stable Security_Impact-Stable
Project Member

Comment 13 by bugdroid1@chromium.org, Mar 21 2013

Labels: -Security-Impact-Beta Security_Impact-Beta
Project Member

Comment 14 by sheriffbot@chromium.org, Jun 14 2016

Labels: -security_impact-beta
Project Member

Comment 15 by sheriffbot@chromium.org, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 16 by sheriffbot@chromium.org, Oct 2 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic
Labels: CVE_description-submitted
