
Security: Multiple possible Integer Overflows in HopfieldOptions.cc #4

@Shinkurt

Description


opencog/examples/hopfield/HopfieldOptions.cc uses and calls atoi() multiple times (197, 200, 203, 204, 207...)

In the case of atoi, if the input received is not checked, the resulting number can exceed the expected range -- causing integer or stack overflows.

If the source is untrusted (meaning received from user input), check both minimum and maximum with INT_MAX and INT_MIN for ints, even if the input had no minus sign (large numbers can roll over into negative numbers; consider saving to an unsigned value if that is intended).

Using these to map variables while calling atoi() would be nice:

  • strtol() LONG_MIN LONG_MAX
  • strtoll() LLONG_MIN LLONG_MAX
  • strtoimax() INTMAX_MIN INTMAX_MAX
  • strtoq() LLONG_MIN LLONG_MAX
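A range-checked replacement for the atoi() calls described above, as an added example (not code from the OpenCog repository); parse_int_option and parse_int_or are hypothetical names, and the [lo, hi] bounds are whatever range the option actually allows:

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse a decimal option value into an int, accepting only values in [lo, hi].
 * Unlike atoi(), this rejects empty input, trailing characters ("12abc") and
 * values that do not fit, instead of silently wrapping or clamping them.
 * Returns 1 on success and stores the value in *out; returns 0 on failure. */
int parse_int_option(const char *s, int lo, int hi, int *out)
{
    char *end;
    long v;

    if (s == NULL || *s == '\0')
        return 0;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE)          /* did not fit in a long: strtol returned LONG_MIN/LONG_MAX */
        return 0;
    if (end == s || *end != '\0') /* no digits at all, or garbage after the number */
        return 0;
    if (v < lo || v > hi)         /* long may be wider than int: bound-check explicitly */
        return 0;
    *out = (int)v;
    return 1;
}

/* Convenience wrapper for option parsing: the parsed value, or 'fallback'
 * (choose one outside [lo, hi]) when the input is rejected. */
int parse_int_or(const char *s, int lo, int hi, int fallback)
{
    int v;
    return parse_int_option(s, lo, hi, &v) ? v : fallback;
}

int main(void)
{
    /* constructed sample inputs, as a command-line parser might receive them */
    const char *samples[] = { "42", "2147483648", "99999999999999999999", "12abc", "-7", "" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int v;
        if (parse_int_option(samples[i], 0, 1000, &v))
            printf("\"%s\" -> %d\n", samples[i], v);
        else
            printf("\"%s\" -> rejected\n", samples[i]);
    }
    return 0;
}
```

The same pattern applies to strtoll()/strtoimax() when the target variable is wider than int; the ERANGE check and the explicit bound check are what atoi() lacks.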
