Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix vulnerabilities on several components #2930

Merged
merged 7 commits into from
Aug 17, 2022
Merged

Fix vulnerabilities on several components #2930

merged 7 commits into from
Aug 17, 2022

Conversation

wargio
Copy link
Member

@wargio wargio commented Aug 17, 2022

DO NOT SQUASH

Your checklist for this pull request

  • I've read the guidelines for contributing to this repository
  • I made sure to follow the project's coding style
  • I've documented or updated the documentation of every function and struct this PR changes. If not so I've explained why.
  • I've added tests that prove my fix is effective or that my feature works (if possible)
  • I've updated the rizin book with the relevant information (if needed)

Detailed description

...

Test plan

...

Closing issues

...

@XVilka
Copy link
Member

XVilka commented Aug 17, 2022

To be cherry-picked for 0.4.1

@wargio wargio merged commit d4134cb into dev Aug 17, 2022
@wargio wargio deleted the fuzz-fix-vulns branch August 17, 2022 19:20
socketpair
socketpair reviewed Aug 17, 2022
View reviewed changes
librz/bin/format/luac/luac_bin.c

if (is_func) {
bin_sec->perm = RZ_PERM_R | RZ_PERM_X;
} else {
bin_sec->perm = RZ_PERM_R;
}

rz_list_append(section_list, bin_sec);
if (!rz_list_append(section_list, bin_sec)) {
rz_bin_section_free(bin_sec);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

abort(); ?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no need. tbh, the code needs a lot of love.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@socketpair socketpair socketpair left review comments

@XVilka XVilka XVilka approved these changes

@thestr4ng3r thestr4ng3r thestr4ng3r approved these changes

@ret2libc ret2libc Awaiting requested review from ret2libc ret2libc is a code owner

@kazarmy kazarmy Awaiting requested review from kazarmy kazarmy is a code owner

Assignees
No one assigned
Labels
API Mach-O RzBin RzCore RzUtil
Projects
None yet
Milestone
0.4.1
Development

Successfully merging this pull request may close these issues.
4 participants
@wargio @XVilka @socketpair @thestr4ng3r