New issue
Advanced search Search tips

Issue 617896 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Jun 2016
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: Input-validation/String termination - Undefined behaviour, Crash, Buffer Overflow

Reported by eternalg...@gmail.com, Jun 7 2016 


VULNERABILITY DETAILS
Source: https://chromium.googlesource.com/chromium/src/+/master/url/url_util_unittest.cc

The sourcecode above contains multiple cases of non proper use of "strlen".
It does nog handle strings that are not \0-terminated.
This may cause undefined behavior of the program.
If your string is not /0-terminated, the function will keep looking until it finds one. It may also return a lenght greater then expected, with a lot of unexpected values in it (in the worst cases it may even cause a buffer overflow).

VERSION
Chrome Version: stable
Operating System: All

REPRODUCTION CASE
Insert values, that are not \0-terminated, the program will most likely crash or cause undefined behaviour.

Comment 1 by nparker@chromium.org, Jun 8 2016

Labels: -Restrict-View-SecurityTeam
Status: WontFix (was: Unconfirmed)
All of the strlen's there are using constants defined in that file, so they would be null terminated.  And it's all test code.  It is not a security vulnerability
Project Member

Comment 2 by sheriffbot@chromium.org, Oct 1 2016 

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 3 by sheriffbot@chromium.org, Oct 2 2016 

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 4 by mbarbe...@chromium.org, Oct 2 2016

Labels: allpublic

Sign in to add a comment