wolfSSL / wolfssl

The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3 and DTLS 1.3!

Home Page: https://www.wolfssl.com

[Bug]: a potential divide by zero exception

CR7-source opened this issue · comments

Contact Details

a860641231@163.com

Version

5.6.3

Description

I have found a potential divide by zero vulnerability in the wolfSSL project and would like to report it to the maintainers. This vulnerability has the potential to cause unexpected application behavior or crashes. Can you please help me check it? Thank you for your effort and patience!
Below is the execution sequence of the program that may produce the divide by zero vulnerability.

  1. wolfssl-5.6.3-stable/examples/server/server.c, ServerEchoData function: On line 409, variables rx_time and tx_time are defined to be 0. However, they are used as the divisor on lines 513 and 514. It is possible that rx_time and tx_time are still 0, leading to a divide by zero vulnerability.

Reproduction steps

No response

Relevant log output

No response

Hi @CR7-source ,

Thanks for the report. I've made a fix which you can find here: #7357
We are currently in a release cycle, I will get this fix reviewed and merged once we've finished our release.
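
The pattern reported above, with a guard on the divisor, as an added example. This is not wolfSSL's code and not the fix in #7357; only `rx_time` and `tx_time` are names from the report. The struct, the helper functions and the use of `double` seconds are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical benchmark state; only rx_time and tx_time are names from the report. */
typedef struct {
    size_t bytes;    /* total bytes echoed */
    double rx_time;  /* seconds spent reading, starts at 0 */
    double tx_time;  /* seconds spent writing, starts at 0 */
} echo_stats;

/* Record one echoed chunk. If the peer closes before sending anything,
 * this never adds time, so both timers are still 0 at report time. */
static void echo_record(echo_stats *s, size_t n, double rx_s, double tx_s)
{
    if (n == 0)
        return;
    s->bytes += n;
    s->rx_time += rx_s;
    s->tx_time += tx_s;
}

/* Throughput in MB/s; 0.0 when no time was measured instead of dividing by it. */
static double safe_mbps(size_t bytes, double seconds)
{
    if (!(seconds > 0.0))  /* rejects 0, negative values and NaN */
        return 0.0;
    return (double)bytes / seconds / 1024.0 / 1024.0;
}

/* Format the summary line; returns snprintf's result. */
static int echo_report(const echo_stats *s, char *out, size_t len)
{
    return snprintf(out, len, "RX %.3f ms (%.3f MBps), TX %.3f ms (%.3f MBps)",
                    s->rx_time * 1000, safe_mbps(s->bytes, s->rx_time),
                    s->tx_time * 1000, safe_mbps(s->bytes, s->tx_time));
}

int main(void)
{
    echo_stats idle = {0, 0.0, 0.0};  /* constructed: connection with no data */
    char line[128];
    echo_report(&idle, line, sizeof line);
    puts(line);
    return 0;
}
```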