[Bug]: a potential divide by zero exception
CR7-source opened this issue
Contact Details
Version
5.6.3
Description
I have found a potential divide by zero vulnerability in the wolfSSL project and would like to report it to the maintainers. This vulnerability has the potential to cause unexpected application behavior or crashes. Can you please help me check it? Thank you for your effort and patience!
Below is the execution sequence of the program that may produce a divide by zero vulnerability.
- wolfssl-5.6.3-stable/examples/server/server.c, ServerEchoData function: On line 409, the variables rx_time and tx_time are defined to be 0. However, they are used as the divisor on lines 513 and 514. It is possible that rx_time and tx_time are still 0, leading to a divide by zero vulnerability.
Reproduction steps
No response
Relevant log output
No response
Hi @CR7-source,
Thanks for the report. I've made a fix which you can find here: #7357
We are currently in a release cycle; I will get this fix reviewed and merged once we've finished our release.
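
The failure mode reported in this issue, as an added example (not wolfSSL code and not the change in #7357): accumulated timers that start at 0 are validated before being used as a divisor. The `echo_stats` struct, `stats_add`, `mb_per_sec` and `print_rate` are hypothetical names, and timing in `double` seconds is an assumption of this example.

```c
#include <math.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stats record. rx_time and tx_time are the names from the
 * report; the types and the bytes field are assumptions of this example. */
typedef struct {
    size_t bytes;    /* payload bytes echoed */
    double rx_time;  /* seconds spent reading, starts at 0 */
    double tx_time;  /* seconds spent writing, starts at 0 */
} echo_stats;

/* Add one timed transfer to a running total. Negative or non-finite
 * samples (clock step, failed timer read) are rejected with -1. */
static int stats_add(double *total, double elapsed)
{
    if (!isfinite(elapsed) || elapsed < 0.0)
        return -1;
    *total += elapsed;
    return 0;
}

/* Throughput in MB/s, or -1.0 when the divisor is unusable: still 0
 * because no transfer was ever timed, negative, or non-finite. */
static double mb_per_sec(size_t bytes, double seconds)
{
    if (!isfinite(seconds) || seconds <= 0.0)
        return -1.0;
    return ((double)bytes / seconds) / (1024.0 * 1024.0);
}

static void print_rate(const char *label, size_t bytes, double seconds)
{
    double rate = mb_per_sec(bytes, seconds);
    if (rate < 0.0)
        printf("%s: n/a (no timed transfers)\n", label);
    else
        printf("%s: %8.3f ms (%8.3f MBps)\n", label, seconds * 1000.0, rate);
}

int main(void)
{
    echo_stats s = {0, 0.0, 0.0};          /* constructed sample values */
    print_rate("RX", s.bytes, s.rx_time);  /* no data was ever timed */
    s.bytes = 1048576;
    stats_add(&s.rx_time, 0.5);
    print_rate("RX", s.bytes, s.rx_time);
    print_rate("TX", s.bytes, s.tx_time);  /* tx_time is still 0 */
    return 0;
}
```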