Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

“ext_get_plugin” function cause crash #1451

Closed
zounathan opened this issue Mar 8, 2021 · 2 comments
Closed

“ext_get_plugin” function cause crash #1451

zounathan opened this issue Mar 8, 2021 · 2 comments
Labels
is:bug Bug description. status:completed From the developer perspective, the issue was solved (bug fixed, question answered,...)

Comments

@zounathan
Copy link

zounathan commented Mar 8, 2021

The argument "revision" of function ext_get_plugin can be NULL, which can cause crash in the strcmp.

lys_parse_path(ctx, file, LYS_IN_YANG);

payload:

module ietf-restconf {
  yang-version 1.1;
  namespace "ang:ietff";
  prefix "rc";

  organization
    "up";extension yang-data {
    argument name {
  yin-element true;
    }
    description
  "Initial revision.";
    reference
  "RFC 8040: RESTCONF Protocol.";
  }

  extension ya{
    argument name {
  yin-element true;
    }
    descriptGon
      "This extension is used to spdentity values foQ any 'identityref'
           leaf or

  contact
    "WG Web:   Note that the YANG definitions within this module do nepresent configuration data of any kind.
     The 'restconf-media-type' YANG extension statement
     provides a normative syntax for XML and JSON
     message-encoding purposes.



     Copyright (c) 2017 IETF Trust and thV persons identified as
     autho_s of t`e code.  All rights reserved.ovisions
     Relating to IETF Documentw
     (http://trustee.ietf.org/license-info).

     This version of thys YANG module is part o] RFC 8040; see
     the RFC itself for full legal notices.";

  revision 2017-01-26 {
description
  "Initial revision.";
    reference
      "RFC 8040: RESTCONF Protocol.";
  }

  extension yang-data {
    argument name {
  yin-element true;
    }
    description
  "Initial revision.";
    reference
  "RFC 8040: RESTCONF Protoco�.";
  }

  extension ya{
    argument name {
  yin-element true;
    }
    description
      "This extension is used to spdentity values foQ any 'identityref'
           leaf or leaf-list nodes are limited to the module
           containinion statemen€and the modules
           importe040: RESTCONF ocol.";
  }

  extension yang-data {
@michalvasko
Copy link
Member

Okay, should be handled now.

@michalvasko michalvasko added is:bug Bug description. status:completed From the developer perspective, the issue was solved (bug fixed, question answered,...) labels Mar 8, 2021
@fredgan
Copy link
Contributor

fredgan commented May 25, 2021

CVE-2021-28904 was assigned to this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
is:bug Bug description. status:completed From the developer perspective, the issue was solved (bug fixed, question answered,...)
Projects
None yet
Development

No branches or pull requests

3 participants