From 2c0bbdf9b92d946ad28634d80653b177eaf74e43 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Helleu?=
Date: Thu, 8 May 2025 18:45:18 +0200
Subject: [PATCH] core: fix integer overflow in function util_version_number
---
 CHANGELOG.md | 1 +
 src/core/core-util.c | 4 +++-
 tests/unit/core/test-core-util.cpp | 5 +++++
 3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a4430c169..febe71ecd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@
 - core: fix integer overflow with decimal numbers in calculation of expression
 - core: fix integer overflow in base32 encoding/decoding
+- core: fix integer overflow in function util_version_number
 - core: fix memory leak in function util_parse_delay
 ## Version 4.6.2 (2025-04-18)
diff --git a/src/core/core-util.c b/src/core/core-util.c
index 0d3185b26..b232e9cb6 100644
--- a/src/core/core-util.c
+++ b/src/core/core-util.c
@@ -670,7 +670,9 @@ util_version_number (const char *version)
 {
 if (number < 0)
 number = 0;
- else if (number > 0xFF)
+ else if ((i == 0) && (number > 0x7F))
+ number = 0x7F;
+ else if ((i > 0) && (number > 0xFF))
 number = 0xFF;
 version_int[i] = number;
 }
diff --git a/tests/unit/core/test-core-util.cpp b/tests/unit/core/test-core-util.cpp
index 149fd9e0e..19ff4a94c 100644
--- a/tests/unit/core/test-core-util.cpp
+++ b/tests/unit/core/test-core-util.cpp
@@ -537,4 +537,9 @@ TEST(CoreUtil, VersionNumber)
 LONGS_EQUAL(0x01010100, util_version_number ("1.1.1"));
 LONGS_EQUAL(0x01010200, util_version_number ("1.1.2"));
 LONGS_EQUAL(0x01020304, util_version_number ("1.2.3.4"));
+ LONGS_EQUAL(0x7EFFFFFF, util_version_number ("126.255.255.255"));
+ LONGS_EQUAL(0x7FFFFFFF, util_version_number ("127.255.255.255"));
+ LONGS_EQUAL(0x7FFFFFFF, util_version_number ("128.255.255.255"));
+ LONGS_EQUAL(0x7FFFFFFF, util_version_number ("255.255.255.255"));
+ LONGS_EQUAL(0x7FFFFFFF, util_version_number ("999999999.999999999.999999999.999999999"));;
 }
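Review bot: The `0x7F` cap on the first component carries no comment, so its asymmetry with the `0xFF` cap on the other components looks arbitrary; a comment above the new branch such as `/* first component: stay below the sign bit of the int result */` would record the reason (presumably the component is later shifted into the top byte of a signed int, but that code is outside the hunk). The paired `(i == 0)` / `(i > 0)` conditions could also be collapsed into a single limit, `max = (i == 0) ? 0x7F : 0xFF;` followed by `else if (number > max) number = max;`. Because the result now saturates, every version from 127.255.255.255 upward maps to the same value, so any caller that compares version numbers should read 0x7FFFFFFF as "at or above" rather than as an exact version. The function body starts and ends outside the hunk.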
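Review bot: None of the added assertions isolates the `(i > 0)` clamp, because every case with an out-of-range later component also saturates the first component, and the remaining cases use exactly 255. A case such as `LONGS_EQUAL(0x01FF0000, util_version_number ("1.256.0.0"));` would pin that branch on its own, unless an earlier line of the test outside the hunk already does. The last added line also ends in a stray `;;`, which is harmless but should be a single `;`.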