Security

DC PHP Meetup 8/10/2016

Submitted by maaj2900 on Thu, 08/11/2016 - 00:00

A talk that I gave for DC PHP's August monthly meeting about Input Validation.

Tags:

Input Validaton

Read more about DC PHP Meetup 8/10/2016
Log in to post comments

Code change for CVE-2014-3710

Submitted by maaj2900 on Mon, 11/10/2014 - 15:14

ext/fileinfo/libmagic/readelf.c

function header

private size_t donote(struct magic_set *, unsigned char *, size_t, size_t, int, int, size_t, int *);

CODE CHANGE

— a/ext/fileinfo/libmagic/readelf.c

+++ b/ext/fileinfo/libmagic/readelf.c

@@ -372,6 +372,13 @@ donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size, uint32_t namesz, descsz; unsigned char *nbuf = CAST(unsigned char *, vbuf);

+ if (xnh_sizeof + offset > size) {

+ /*

Tags:

Buffer Overflow

Read more about Code change for CVE-2014-3710
Log in to post comments