Fix CVE-2021-40393 #73

Merged
ooxi merged 1 commit into gerbv:main from ooxi:patch/CVE-2021-40393
Nov 24, 2021

@ooxi ooxi commented Nov 19, 2021

A possible out-of-bounds write vulnerability was discovered by the @CiscoTalos team in issue #56. This patch mitigates the issue by adding bounds checking.

A possible out-of-bounds write vulnerability was discovered by the Cisco Talos team. This patch mitigates the issue by adding bounds checking.

ooxi commented Nov 19, 2021

@eyal0 could you do me a solid and take a look at my out-of-bounds checking logic? There might be a signed integer underflow UB since `ip->data.ival - 1` is not checked.

ooxi commented Nov 24, 2021

@CiscoTalos could you please take a look whether this patch seems reasonable? I'm unsure whether `ip->data.ival - 1` is still an attack vector since `ip->data.ival - 1` might underflow.

CiscoTalos commented Nov 24, 2021

`ip->data.ival - 1` will be negative if `ip->data.ival` is 0, but the if condition that happens next will terminate the program. So the suggested patch fixes the issue.
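
The check discussed in the comments above, as an added example that is not part of the pull request or of gerbv's code: an untrusted 1-based operand is range-checked before the subtraction, so `ival - 1` is never evaluated for 0, negative values or `INT_MIN`. The names `slot_from_operand`, `store_checked`, `count_accepted` and `SLOT_COUNT`, and the table of doubles, are assumptions, since the page does not show the patched function.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define SLOT_COUNT 8 /* constructed table size, not gerbv's */

/* Map an untrusted 1-based operand to a 0-based slot (hypothetical helper).
 * The operand is range-checked BEFORE subtracting: `ival - 1` is never
 * evaluated for INT_MIN (signed overflow is undefined behaviour in C),
 * and 0 or negative operands are rejected instead of becoming -1, -2, ... */
static bool slot_from_operand(int ival, size_t count, size_t *slot)
{
    if (ival < 1 || (size_t)ival > count)
        return false;
    *slot = (size_t)ival - 1;
    return true;
}

/* Write only through a validated slot; on rejection the table is untouched. */
static bool store_checked(double *table, size_t count, int ival, double value)
{
    size_t slot;
    if (!slot_from_operand(ival, count, &slot))
        return false;
    table[slot] = value;
    return true;
}

/* Run constructed operands through the check; returns how many were stored. */
int count_accepted(void)
{
    const int operands[] = { INT_MIN, -1, 0, 1, SLOT_COUNT, SLOT_COUNT + 1, INT_MAX };
    double table[SLOT_COUNT] = { 0 };
    int accepted = 0;
    for (size_t i = 0; i < sizeof operands / sizeof operands[0]; i++)
        if (store_checked(table, SLOT_COUNT, operands[i], 1.0))
            accepted++;
    return accepted;
}

int main(void)
{
    printf("accepted %d of 7 operands\n", count_accepted());
    return 0;
}
```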

@ooxi ooxi marked this pull request as ready for review November 24, 2021 19:09
@ooxi ooxi merged commit 4d12b69 into gerbv:main Nov 24, 2021
@ooxi ooxi deleted the patch/CVE-2021-40393 branch November 24, 2021 19:09

ooxi commented Nov 24, 2021

Thank you very much for the verification. The fix is now included in main branch and will be released with the next gerbv version (probably in the upcoming week).

@CiscoTalos

Thank you. We prefer 1-2 business days notice of the release date so we can coordinate on our end.

ooxi commented Dec 1, 2021

@CiscoTalos I aim to create a release this weekend. Does this suit you?

spe-ciellt added a commit that referenced this pull request Feb 28, 2026
Adds the missing counterpart to gerbv_create_rs274x_image_from_filename()
for loading Excellon drill files directly via libgerbv. Based on
SourceForge patch #73 and GitHub PR #9.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
spe-ciellt added a commit that referenced this pull request Feb 28, 2026
Adds the missing counterpart to gerbv_create_rs274x_image_from_filename()
for loading Excellon drill files directly via libgerbv. Based on
SourceForge patch #73 and GitHub PR #9.

Also bumps library version to 1.10.0 since library was changed
(actually long overdue, but now it happened).