Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | CVE-2017-12894/In lookup_bytestring(), take the length of the byte string ↵ | Guy Harris | 2017-09-13 | 1 | -0/+0 |
into account. Otherwise, if, in our search of the hash table, we come across a byte string that's shorter than the string we're looking for, we'll search past the end of the string in the hash table. This fixes a buffer over-read discovered by Forcepoint's security researchers Otto Airamo & Antti Levomäki. Add a test using the capture file supplied by the reporter(s). |