Integer overflow in sldns_wire2str_pkt_scan #611

Closed
JiangHeng12138 opened this issue Jan 24, 2022 · 1 comment

@JiangHeng12138

version: unbound-1.11.0

sldns/wire2str.c:385:5: runtime error: signed integer overflow: 2146643294 + 1266702 cannot be represented in type 'int'
    #0 0x5b93a7 in sldns_wire2str_pkt_scan /src/unbound/sldns/wire2str.c:385:5
    #1 0x4b24cb in LLVMFuzzerTestOneInput /src/unbound/fuzz_2.c:43:43
    #2 0x443833 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
    #3 0x42efa2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
    #4 0x434c46 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
    #5 0x45e152 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #6 0x7f9a34eceb26 in __libc_start_main (/lib64/libc.so.6+0x25b26)
    #7 0x40ae59 in _start (/root/oss-fuzz/build/out/unbound/fuzz_2_fuzzer+0x40ae59)
@wcawijngaards
Member

I think that the commit fixes the problem, perhaps. The fix stops a domain name printing routine from printing overly long content. Maybe it does not, that depends on what causes the integer overflow. The fix is good to have anyway, thanks!

jedisct1 added a commit to jedisct1/unbound that referenced this issue Feb 11, 2022
* nlnet/master: (33 commits)
  - Fix NLnetLabs#618: enabling interface-automatic disables DNS-over-TLS.   Adds the option to list interface-automatic-ports.
  - Fix NLnetLabs#624: Unable to stop Unbound in Windows console (does not   respond to CTRL+C command).
  Release 1.15.0 on 10 feb 2022. The repository continues with version 1.15.1. And Changelog note.
  Note 1.15.0rc1 tag creation in Changelog. - Tag for 1.15.0rc1 created.
  - Fix that TCP interface does not use TLS when TLS is also configured.
  - Fix NLnetLabs#412: cache invalidation issue with CNAME+A.
  - Fix for NLnetLabs#611: Integer overflow in sldns_wire2str_pkt_scan.
  - Update contrib/aaaa-filter-iterator.patch with diff for current   software version.
  - Fix docker splint test to use more portable uname.
  - please clang analyzer for loop in test code.
  - Changelog entry clarification.
  - Fix header comment for doxygen for authextstrtoaddr.
  - Update version number in repo to 1.15.0 for upcoming release,   since it changes the aggressive-nsec default and the ratelimit change.
  - Update stream_ssl.tdir test to also use the new forward-host notation.
  - Merge PR NLnetLabs#617: Update stub/forward-host notation to accept port and   tls-auth-name.
  Don't accidentally introduce a troff macro
  - Change aggressive-nsec default to yes.
  Changelog entry for NLnetLabs#616 - Merge PR NLnetLabs#616: Update ratelimit logic. It also introduces   ratelimit-backoff and ip-ratelimit-backoff configuration options.
  Changelog entry for NLnetLabs#532 - Merge PR NLnetLabs#532 from Shchelk: Fix: buffer overflow bug.
  Changelog note for NLnetLabs#603: - Merge PR NLnetLabs#603 from fobser: Use OpenSSL 1.1 API to access DSA and RSA   internals.
  ...
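
The class of bug in the sanitizer report above, as an added example that is not Unbound's code or its fix: a running `int` total of snprintf-style "would-be" lengths keeps growing after the output buffer is full, so it needs an overflow-checked add. It assumes the reported addition is such a length accumulation; `len_add_sat`, `str_print` and `print_labels` are hypothetical names, and the labels are constructed sample input.

```c
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>

/* Hypothetical helper: add one component's length to a running total,
 * clamping at INT_MAX because signed int overflow is undefined in C. */
static int len_add_sat(int total, int part)
{
    if (part <= 0)
        return total;            /* error or empty output adds nothing */
    if (part > INT_MAX - total)
        return INT_MAX;          /* sum would not fit in an int: clamp */
    return total + part;
}

/* Hypothetical bounded printer: returns the untruncated length (vsnprintf). */
static int str_print(char **s, size_t *slen, const char *fmt, ...)
{
    va_list ap;
    int w;
    va_start(ap, fmt);
    w = vsnprintf(*s, *slen, fmt, ap);
    va_end(ap);
    if (w < 0)
        return 0;
    if ((size_t)w >= *slen) {    /* truncated: the buffer is now full */
        *s += *slen;
        *slen = 0;
    } else {
        *s += w;
        *slen -= (size_t)w;
    }
    return w;
}

/* Print `count` constructed labels; the total keeps growing after the buffer fills. */
static int print_labels(char *buf, size_t buflen, int count)
{
    int total = 0, i;
    for (i = 0; i < count; i++)
        total = len_add_sat(total, str_print(&buf, &buflen, "label%d.", i));
    return total;
}

int main(void)
{
    char buf[16];
    printf("%d %d\n", print_labels(buf, sizeof buf, 3),
           len_add_sat(2146643294, 1266702)); /* operands from the report */
}
```

A caller that sees the total reach `INT_MAX` can treat the packet as unprintable rather than trusting the length.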