Fix benign overread in HTML/js-norm parser #503

Merged

Conversation

micahsnyder (Contributor):

Fix a possible overread in handle_de() where we dereference tokens
without bounds checking. The over-read does not cause a crash.
I do not believe this issue to be a vulnerability.

Resolves: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44849

Also clean up very sloppy bounds checking in match_parameters().
I don't have any evidence of an overflow. The code just looks sus.

Eliminated a benign warning in cli_js_process_buffer().
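The two problems named in this description, token dereferences without a bounds check in handle_de() and loose bounds checking in match_parameters(), share one defensive pattern: every lookahead into the token stream goes through a single helper that refuses to return a pointer past the end. The following is an added illustration of that pattern and is not ClamAV code; the token types, the four-token pattern and the sample streams are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed token types for this example; not ClamAV's real tokenizer enum. */
typedef enum { TOK_IDENT, TOK_LPAREN, TOK_RPAREN, TOK_STRING } tok_type_t;

typedef struct {
    tok_type_t type;
    const char *text;
} token_t;

/* Bounds-checked lookahead: returns NULL instead of reading past the end of
 * the array. 'ahead' is the distance from 'idx'; the arithmetic is arranged
 * so that idx + ahead can never wrap or exceed count - 1. */
const token_t *peek_token(const token_t *toks, size_t count, size_t idx, size_t ahead)
{
    if (toks == NULL || idx >= count || ahead > count - idx - 1)
        return NULL;
    return &toks[idx + ahead];
}

/* Matches the constructed pattern IDENT '(' STRING ')' starting at idx.
 * Returns 1 on a match, 0 otherwise. Every token is reached through
 * peek_token, so a stream that ends mid-pattern (e.g. "eval(" as the last
 * two tokens) yields 0 rather than an over-read. */
int match_call_with_string_arg(const token_t *toks, size_t count, size_t idx)
{
    const token_t *t0 = peek_token(toks, count, idx, 0);
    const token_t *t1 = peek_token(toks, count, idx, 1);
    const token_t *t2 = peek_token(toks, count, idx, 2);
    const token_t *t3 = peek_token(toks, count, idx, 3);
    if (!t0 || !t1 || !t2 || !t3)
        return 0;
    return t0->type == TOK_IDENT && t1->type == TOK_LPAREN &&
           t2->type == TOK_STRING && t3->type == TOK_RPAREN;
}

/* Scans the whole stream and returns the number of pattern matches. */
size_t count_matches(const token_t *toks, size_t count)
{
    size_t n = 0;
    for (size_t i = 0; i < count; i++)
        if (match_call_with_string_arg(toks, count, i))
            n++;
    return n;
}

/* Constructed sample streams: one complete call, one cut off after '('. */
const token_t complete_stream[] = {
    {TOK_IDENT, "eval"}, {TOK_LPAREN, "("}, {TOK_STRING, "'x'"}, {TOK_RPAREN, ")"},
};
const token_t truncated_stream[] = {
    {TOK_IDENT, "eval"}, {TOK_LPAREN, "("},
};

size_t demo_complete(void)  { return count_matches(complete_stream, 4); }
size_t demo_truncated(void) { return count_matches(truncated_stream, 2); }

int main(void)
{
    printf("complete stream:  %zu match(es)\n", demo_complete());
    printf("truncated stream: %zu match(es)\n", demo_truncated());
    return 0;
}
```

Running this under a sanitizer (e.g. `-fsanitize=address`) on the truncated stream is the quick check that the lookahead never touches memory beyond the array; the same harness doubles as a regression test when the matcher is later changed, which is the concern raised in the comments below about normalization output shifting.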

@micahsnyder (Contributor, Author):

I'd like to run this one through a larger regression test to make sure it doesn't inadvertently change the JavaScript normalization and cause false negatives.

@micahsnyder (Contributor, Author):

I haven't merged this yet because in a large regression test I found a number of false negatives and I haven't had time to triage each to determine if there's a bug, or if we will just have to update some signatures after this lands. Can complete this after 0.105 ships.

@micahsnyder micahsnyder merged commit 0301808 into Cisco-Talos:main Sep 17, 2022
23 of 24 checks passed
@micahsnyder micahsnyder deleted the CLAM-1711-js-norm-overread branch September 17, 2022 00:55