Fix potential integer overflow in getnum #3633

Merged
merged 1 commit into from
Feb 18, 2024


Crispy-fried-chicken
Contributor

Fix the vulnerability mentioned in #3626

@pjsg
Member

pjsg commented Feb 5, 2024

This should be targeted at the dev branch. And we probably need the same fix in the dev-esp32 branch.

@Crispy-fried-chicken Crispy-fried-chicken changed the base branch from release to dev February 5, 2024 03:04
@Crispy-fried-chicken
Contributor Author

> This should be targeted at the dev branch. And we probably need the same fix in the dev-esp32 branch.

I've changed the branch to dev, and as for dev-esp32, maybe I can create another PR?

@pjsg
Member

pjsg commented Feb 5, 2024 via email

@Crispy-fried-chicken
Contributor Author

Crispy-fried-chicken commented Feb 5, 2024

And I see some checks were not successful. How do I change it to make them succeed?

@Crispy-fried-chicken
Contributor Author

I've already created another PR, which is #3634. Please check it, thank you!

@pjsg
Member

pjsg commented Feb 6, 2024

Hmm -- I have no idea why the checks failed..... I'm not sure who uses the 8266 dev branch....

@HHHartmann
Member

We need this fix on the release branch to fix the Windows build issue:
193fe35#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721

@pjsg
Member

pjsg commented Feb 6, 2024

Can you tee up a PR for that fix?

@HHHartmann
Member

Will do tomorrow

@marcelstoer marcelstoer mentioned this pull request Feb 6, 2024
@HHHartmann
Member

Ah no, as it seems, you just need to rebase this branch onto a current dev branch, which will also contain the fix.

@Crispy-fried-chicken
Contributor Author

@HHHartmann I don't see any fix about this PR in #3635, maybe you should add it to fix it?

@HHHartmann
Member

HHHartmann commented Feb 18, 2024

@Crispy-fried-chicken Sorry, the fix on master is not required. I thought that the check pipeline needed to be updated on the release/master branch. But this is not needed.
Rebasing this branch to dev is what should fix the checks as the correct definition is there.

@marcelstoer marcelstoer merged commit 64f0d37 into nodemcu:dev Feb 18, 2024
16 of 18 checks passed
@Crispy-fried-chicken
Contributor Author

@pjsg Hi, is it necessary to apply for a CVE for this vulnerability? This is very important to recognize our work, thank you!
