Buffer Overflow security vulnerability in ParModelica #4787
Hi everyone! In our organization, OpenModelica cannot be used because the following vulnerabilities exist in OpenModelica. https://nvd.nist.gov/vuln/detail/CVE-2019-1010038 Is there any chance that this vulnerability will be fixed? If not, I'd like to try to fix it, but are there any considerations?
The vulnerability is that the value of the environment variable OPENMODELICAHOME A malicious user could give a long (>=100 bytes) environment variable that would cause a buffer overflow.

This issue imported from https://trac.openmodelica.org/OpenModelica/ticket/4787
I've confirmed that the pointed implementation still exists in the latest code.

OpenModelica/OMCompiler/SimulationRuntime/ParModelica/explicit/openclrt/ocl_offcomp.c, lines 82 to 92 in 8911b0b
However, in the latest code, CMakeLists.txt to build this vulnerable target is not referenced from the CMakeLists.txt in the parent directory.
When I checked the build settings for the OpenModelica/OMCompiler/SimulationRuntime/ParModelica/explicit/openclrt/ itself, the referenced source was ocl_offcomp.cpp, not ocl_offcomp.c.

OpenModelica/OMCompiler/SimulationRuntime/ParModelica/explicit/openclrt/CMakeLists.txt, lines 14 to 23 in 8911b0b

OpenModelica/OMCompiler/SimulationRuntime/ParModelica/explicit/openclrt/Makefile.common, lines 16 to 17 in 8911b0b
Going back further in time, I found the following commit in the archived OpenModelica/OMCompiler repository when it was a submodule. - $(CXX) -I. -o ocloffcomp$(EXEEXT) ocl_offcomp.c libOMOCLRuntime.a $(OPENLC_LIB) $(CFLAGS)
+ $(CXX) -I. -o ocloffcomp$(EXEEXT) ocl_offcomp.cpp libParModelicaExpl.a $(OPENLC_LIB) $(CFLAGS) The commit time is 2015-09-11T19:39:08+02:00 Therefore, OpenModelica built after 2015-09-11T19:39:08+02:00 does not include this vulnerability. May I ask the maintainer for the following two things?
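Review bot: ocl_offcomp.c stops being compiled by this rule on the `+` line but is not deleted here; if no other rule builds it, remove it in the same commit so an unbuilt source file does not linger in the tree. Also, `$(OPENLC_LIB)` on both lines reads like a transposition of OPENCL; confirm the variable is actually defined under that spelling.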
- Closes OpenModelica#4787.
- This file is not used anymore since its target is never built.
- It has a buffer overflow vulnerability due to usage of an env variable that is appended to a static buffer array.
- It was an experiment at having an "offline" compiler for OpenCL code. It was used to compile OpenCL code ahead of time and save some time by avoiding JIT (runtime) compilation.
I confirmed that the NIST page already had a list of versions. Thank you very much.
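The bug class discussed in this thread, as an added example that is not OpenModelica's code and not part of the original issue: an environment variable appended to a fixed-size buffer, beside a bounded version that treats truncation as an error. The 100-byte size comes from the issue text; the function names and the `SUFFIX` path are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_BUF 100                      /* from the ">=100 bytes" figure in the issue */
#define SUFFIX "/include/omc/example.h"   /* hypothetical path suffix */

/* Unbounded form: writes past `out` once strlen(home) + strlen(SUFFIX)
 * reaches PATH_BUF. Kept only for contrast with the checked version. */
void build_path_unsafe(char out[PATH_BUF], const char *home)
{
    strcpy(out, home);
    strcat(out, SUFFIX);
}

/* Bounded form. Returns 0 on success, -1 if the variable is unset or empty,
 * -2 if the joined path would not fit (out is then set to ""). */
int build_path_checked(char *out, size_t outsz, const char *home,
                       const char *suffix)
{
    int n;

    if (outsz == 0)
        return -2;
    out[0] = '\0';
    if (home == NULL || home[0] == '\0')
        return -1;
    n = snprintf(out, outsz, "%s%s", home, suffix);
    if (n < 0 || (size_t)n >= outsz) {   /* truncation is an error, not a result */
        out[0] = '\0';
        return -2;
    }
    return 0;
}

int main(void)
{
    char path[PATH_BUF];
    int rc = build_path_checked(path, sizeof path,
                                getenv("OPENMODELICAHOME"), SUFFIX);

    if (rc != 0) {
        fprintf(stderr, "OPENMODELICAHOME rejected (code %d)\n", rc);
        return 1;
    }
    printf("%s\n", path);
    return 0;
}
```

Rejecting an over-long value instead of silently truncating it avoids building a path that points somewhere other than the intended install directory.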