[Security][Buffer Overflow] Buffer overrun can be occured
■ 위치 :
resource/csdk/connectivity/lib/libcoap-4.1.1/resource.c:557
■ 내용 :
HASH_FIND -> HASH_FCN -> HASH_JEN으로 호출되는 경우 buffer overflow 발생 (key는 unsigned char[4]인데, HASH_JEN 내에서는 (unsigned)_jh_key[11]까지 access)
■ 대응 방안 :
Build Option/MACRO 및 로직 점검 후 수정
■ 비고 (사용된 Tool 또는 환경 등)
IoTivity_1.1.0_RC1
============= Defect 수정 관련 Comment 내용 요청사항 ==========
-
git commit ID 또는 gerrit 링크 명시
-
=========================================================
JIRA migration meta data
- JIRA Issue ID: IOT-1054
- Reporter: jspark
- Assignee: mg.jeong
- Creator: jspark
- Created at: 2016-03-29T00:28:46.000-0700
- Found in Version: 1.1.0
- Fix in Version: None
- Issue Severity: Major
- Reproducibility: Always (100%)
- Operating System: Ubuntu
- Hardware/ OEM Platform: None
- External URL: None
- Bugzilla ID: None
- Product: None
- Status: Closed
- Components: Build System
- Priority: Undecided
- Due Date: None
-
Issue Type: Bug
END of JIRA migration meta data