Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ujson,perso_tlv,dice] Manual cherry-pick of #25958 #26093

Closed
wants to merge 3 commits into from
Closed

[ujson,perso_tlv,dice] Manual cherry-pick of #25958 #26093

wants to merge 3 commits into from

Conversation

anthonychen1251
Copy link
Member

This is a cherry-pick of #25958

@anthonychen1251
[ujson] fix the potential signed integer overflow
2c41429 
Using a signed integer (int64_t) to store the parsed integer value could
lead to an undefined behavior when parsing large numbers due to signed
integer overflow. To address this issue, the parsed value is now stored
in an unsigned integer (uint64_t). The updated implementation also
includes a check to ensure that the parsed value can be safely converted
back to a signed integer before copying it into the `result`.

Signed-off-by: Anthony Chen <antchen@google.com>
(cherry picked from commit 67b2fe4)
@anthonychen1251
[perso_tlv] add buffer size check in perso_tlv_data
50d3617 
This adds buffer size checks in `perso_tlv_data.c` to prevent potential
memory access vulnerabilities.

Signed-off-by: Anthony Chen <antchen@google.com>
(cherry picked from commit 78f1dc3)
@anthonychen1251
[dice] remove unused cert_size output parameter in dice_cert_check_valid
e57f154 
This removes the unused `cert_size` output parameter in the
`dice_cert_check_valid` function.

Also, the original implementation caused a clang compiler error due to
incompatible pointer types by passing `&cert_size` (size_t *) to the
`cert_x509_asn1_check_serial_number` function (expects a uint32_t * type).

Signed-off-by: Anthony Chen <antchen@google.com>
(cherry picked from commit 58e6fca)
@anthonychen1251 anthonychen1251 requested a review from a team as a code owner February 3, 2025 05:53
@anthonychen1251 anthonychen1251 requested review from jadephilipoom and removed request for a team February 3, 2025 05:53
@anthonychen1251
Copy link
Member Author

An automatic cherry-pick is created in #26104
Close this PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jadephilipoom jadephilipoom Awaiting requested review from jadephilipoom jadephilipoom is a code owner automatically assigned from lowRISC/ot-c-cpp-reviewers

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@anthonychen1251