Denial of Service in BinaryDict.cpp #303
Comments
Prove it like this. `./opencc_dict -i POCs -o temp.txt -f ocd -t text`
Sorry, I tried to fix the security issue, but not so familiar with the code. Just post the draft patch, feel free to comment it.
Thanks for reply. The patch looks good!
Was the patch merged with a branch? If so, can you link to the fixing commit? Thanks!
Maybe @epico can merge the patch.
Created pull request #309
Sorry, I don't have write access to this repository. Please help merge the patch!
Hi, I am a security fan. And I found an out-of-bounds pointer in BinaryDict.cpp which could lead to a segment fault (Denial of Service if some applications use this library). In BinaryDict::NewFromFile, there are two offsets, which are keyOffset and valueOffset. So if I provide a .ocd file in which I can control these two offsets, I can actually make them really big. So the pointers (const char* key and const char* value) will point to an unreadable place. I've attached the POCs for these two pointers. Hope you can respond soon :)
POCs.zip
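
The class of check the report calls for, as an added example that is not OpenCC's code or the patch from this thread: before an offset read from an untrusted file becomes a `const char*`, confirm that it falls inside the string buffer and that a NUL terminator exists before the buffer ends. `RawEntry`, `CheckedString`, `ResolveEntry` and the two-buffer layout are hypothetical simplifications, not the real `.ocd` format.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// Hypothetical simplified entry: two offsets read verbatim from an untrusted file.
struct RawEntry {
  uint64_t keyOffset;
  uint64_t valueOffset;
};

// Returns a pointer to the NUL-terminated string at `offset` inside `buf`,
// or nullptr if the offset is out of range or no terminator lies inside `buf`.
const char* CheckedString(const std::vector<char>& buf, uint64_t offset) {
  if (offset >= buf.size()) return nullptr;  // also rejects an empty buffer
  const char* start = buf.data() + offset;
  std::size_t remaining = buf.size() - static_cast<std::size_t>(offset);
  if (std::memchr(start, '\0', remaining) == nullptr) return nullptr;
  return start;
}

// Resolves both strings of an entry, failing closed instead of forming wild pointers.
bool ResolveEntry(const std::vector<char>& keys, const std::vector<char>& values,
                  const RawEntry& e, std::string* key, std::string* value) {
  const char* k = CheckedString(keys, e.keyOffset);
  const char* v = CheckedString(values, e.valueOffset);
  if (k == nullptr || v == nullptr) return false;
  *key = k;
  *value = v;
  return true;
}

int main() {
  // Constructed sample buffers; the last value ("yz") has no terminator.
  std::vector<char> keys = {'a', 'b', '\0', 'c', 'd', '\0'};
  std::vector<char> values = {'x', '\0', 'y', 'z'};
  const RawEntry samples[] = {{3, 0}, {0x7FFFFFFFFFFFULL, 0}, {0, 2}};
  for (const RawEntry& e : samples) {
    std::string k, v;
    bool ok = ResolveEntry(keys, values, e, &k, &v);
    std::printf("key@%llu value@%llu -> %s\n", (unsigned long long)e.keyOffset,
                (unsigned long long)e.valueOffset, ok ? "ok" : "rejected");
  }
  return 0;
}
```

The terminator check matters as much as the range check: an in-range offset pointing at an unterminated tail would still let a later string read run past the buffer.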