core: fix possible integer overflow in net_box.c
The netbox_transport_send_and_recv() function takes a part of the response size as a parameter, and it is possible that the resulting size could become larger than SIZE_MAX, resulting in an integer overflow and a segmentation fault.

Closes #tarantool/security#121

NO_DOC=bugfix
Showing
- changelogs/unreleased/ghs-121-too-big-buffer-size.md (3 additions, 0 deletions)
- src/box/lua/net_box.c (8 additions, 2 deletions)
- test/app-luatest/ghs_121_too_large_response_size_test.lua (16 additions, 0 deletions)
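
The bug class named in the commit message, as an added example that is not Tarantool's code and not part of this commit: a receive buffer adds a peer-announced size to the bytes it already holds, and the sum wraps past SIZE_MAX. The names `rbuf`, `reserve_unchecked`, `reserve_checked` and the `limit` policy cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical receive buffer: bytes already stored and current capacity. */
struct rbuf { size_t used; size_t cap; };

enum { RESERVE_OK = 0, RESERVE_TOO_BIG = -1 };

/* Unchecked shape: the sum wraps modulo SIZE_MAX + 1, so the requested
 * capacity can end up far smaller than the announced size. */
static size_t
reserve_unchecked(const struct rbuf *b, size_t announced)
{
	return b->used + announced;
}

/* Checked shape: test against SIZE_MAX before adding, then apply a
 * policy limit (an assumption here) before growing the buffer. */
static int
reserve_checked(struct rbuf *b, size_t announced, size_t limit)
{
	if (announced > SIZE_MAX - b->used)
		return RESERVE_TOO_BIG;   /* used + announced would wrap */
	size_t need = b->used + announced;
	if (need > limit)
		return RESERVE_TOO_BIG;   /* fits in size_t, still too large */
	if (need > b->cap)
		b->cap = need;            /* real code would reallocate here */
	return RESERVE_OK;
}

int
main(void)
{
	struct rbuf b = { 16, 64 };
	size_t announced = SIZE_MAX - 7;  /* constructed peer-supplied size */

	printf("unchecked need: %zu\n", reserve_unchecked(&b, announced));
	printf("checked result: %d\n", reserve_checked(&b, announced, 1u << 20));
	return 0;
}
```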