Nsis_Imp July 2008

nsis_imp@informatik.uni-goettingen.de

2 participants
3 discussions

[Fwd: FreeNSIS 0.6.0 buffer overflow]
by Xiaoming Fu 08 Jul '08

08 Jul '08

-------- Original Message -------- Subject: FreeNSIS 0.6.0 buffer overflow Date: Tue, 8 Jul 2008 13:36:18 +0200 From: Nuutti Varis <nvaris(a)cs.helsinki.fi> To: Fu, Xiaoming <fu(a)cs.uni-goettingen.de> Greetings, There's a rather limiting issue in the FreeNSIS 0.6.0 release, causing a crash in GIST. In file SocketEventHandler.cpp, the SocketEventHandler::recvCModeMessage method seems to presume that the incoming data from a C-mode connection is always a maximum of 512 bytes, as indicated by line 157 in the source code. Additionally, the length of the buffer is not checked in the socket instance's recvMsg method (seems to use the regular recvMsg method of Socket.cpp in the case of TCP). This essentially causes an issue, where relatively small NSLPData (seems to be at minimum 468 bytes) objects cause memory corruption, due to buffer overflow in recvMsg method, and consequently, a crash in GIST. The previous version (0.5.1-dev) handled C-mode sockets differently, and as such, do not crash due to a larger buffer that is allocated in the SocketEventHandler::recvCModeMessage method. Best Regards, Nuutti Varis

2 1

[Fwd: FreeNSIS 0.6.0 buffer overflow]
by Xiaoming Fu 08 Jul '08

08 Jul '08

Hi, As suggested in the implementation page, better ask the implementation mailing list - I am forwarding this to the list. Regards, Xiaoming

1 0

[Fwd: [Nsis-imp] Goettingen NSIS implementation release 0.6.0]
by Xiaoming Fu 02 Jul '08

02 Jul '08

-------- Original Message -------- Subject: [Nsis-imp] Goettingen NSIS implementation release 0.6.0 Date: Wed, 02 Jul 2008 12:03:45 +0200 From: Xiaoming Fu <fu(a)cs.uni-goettingen.de> To: nsis-imp(a)informatik.uni-goettingen.de, nsis-imp(a)ietf.org hi all, Thanks to a number of feedbacks received and the introduction of some other changes, we made a new release 0.6.0 of our NSIS implementation online: http://user.informatik.uni-goettingen.de/~nsis/ Changes in 0.6.0: - GIST changes: (July 01, 2008): * Changed name to *FreeNSIS* * State Timeout added to the FSM * experimental arm support (use ./configure --enable-arm) * SetStaLifetime with 0 implemented to tear down state * activity timer implemented also to tear down state when not reset * revert v6 routing table, append fake routes with all local v6-adresses - QoS NSLP changes: * moved client socket handling to RMF * RSN handling moved to FSM * suport for stateless operations (experimental) * doxygen code documentation * Client exits after successful reservation/teardown * fixed several bugs * select reliable transport from config file * changed object structure to latest draft version * Litte-/Bit-Endian for float in TMOD-object * timer operation optimized, functions inline * support for flow-identifier in qos_client Thanks, - Xiaoming, Bernd Schloer and Christian Dickmann For further information: =============================================================== Questions, inquiries, comments, please kindly report to the following mailing list: nsis_imp at cs.uni-goettingen.de To subscribe: send an email to nsis_imp-request at cs.uni-goettingen.de with the text subscribe YOUR-EMAIL-ADDRESS in the message body. _______________________________________________ NSIS-imp mailing list NSIS-imp(a)ietf.org https://www.ietf.org/mailman/listinfo/nsis-imp

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Nsis_Imp July 2008