Skip to content

NULL pointer dereference in DXF parser, HATCH code 93 #1468

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
eldstal opened this issue Dec 19, 2021 · 2 comments
Closed

NULL pointer dereference in DXF parser, HATCH code 93 #1468

eldstal opened this issue Dec 19, 2021 · 2 comments
Labels
bug An error which causes unexpected or unintended results

Comments

@eldstal
Copy link
Contributor

eldstal commented Dec 19, 2021

Steps to reproduce or sample file

  1. Unzip and load the attached proof of concept file in LibreCAD 2.2.0-rc3

Cause

The std::shared_ptr DRW_Hatch::loop is written to when loading a HATCH entity with code 93. If this occurs before a code 92, the pointer is still NULL, leading to a crash.

Impact

Denial of service.

Proposed Mitigation

Ensure that DRW_Hatch::loop is not NULL before dereferencing at drw_entities.cpp:1808

Operating System and LibreCAD version info

Version: 2.2.0-rc3
Compiler: GNU GCC 7.3.0
Compiled on: Nov 29 2021
Qt Version: 5.12.4
Boost Version: 1.65.1
System: Windows 10 (10.0)
eldstal added a commit to eldstal/LibreCAD that referenced this issue Dec 19, 2021
@eldstal
Added NULL check for hatch code 93
5771425 
This fixes issue LibreCAD#1468
@eldstal eldstal mentioned this issue Dec 19, 2021
Merged
@lordofbikes lordofbikes added the bug An error which causes unexpected or unintended results label Dec 19, 2021
lordofbikes added a commit that referenced this issue Jan 4, 2022
@lordofbikes
Merge pull request #1469 from eldstal/hatch93 [ci skip]
29e85c5 
Added NULL check for DXF hatch code 93, Fixing issue #1468
@lordofbikes
Copy link
Member

fixed with #1469

@eldstal
Copy link
Contributor Author

eldstal commented Jan 25, 2022

This vulnerability has been assigned CVE-2021-45343.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug An error which causes unexpected or unintended results
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@eldstal @lordofbikes