[Bug] heap-overflow in get.c:713 #734

Closed
chluo911 opened this issue Jul 24, 2022 · 1 comment

chluo911 commented Jul 24, 2022

Describe the bug
There is a heap-overflow bug in get_ipv6_next. Different from #718 (The crash point is in line 679, *((int*)((u_char *)exthdr + len))), this bug is triggered in line 713 (*((int*)((u_char *)exthdr + len)) > maxlen).

To Reproduce
Steps to reproduce the behavior:

  1. export CC=clang && export CFLAGS="-fsanitize=address -g"
  2. ./autogen.sh && ./configure --disable-shared --disable-local-libopts && make clean && make -j8
  3. ./src/tcprewrite -o /dev/null -i POC

Expected behavior
The program does not crash.

Screenshots
Screen Shot 2022-07-24 at 10 37 33

System (please complete the following information):

  • OS: Debian
  • OS version: buster
  • Tcpreplay Version: 09f0774

Additional context
POC
poc.zip

@chluo911 chluo911 changed the title heap-overflow in get_ipv6_next:713 [BUG] heap-overflow in get_ipv6_next:713 Jul 24, 2022
@chluo911 chluo911 changed the title [BUG] heap-overflow in get_ipv6_next:713 [Bug] heap-overflow in get.c:713 Jul 24, 2022
@fklassen fklassen added this to To do in 4.4.2 via automation Aug 7, 2022
@fklassen fklassen self-assigned this Aug 7, 2022
@fklassen fklassen moved this from To do to In progress in 4.4.2 Aug 7, 2022
Member

fklassen commented Aug 7, 2022

Tested with #718 fix. It appears that it is fixed.

@fklassen fklassen closed this as completed Aug 7, 2022
4.4.2 automation moved this from In progress to Done Aug 7, 2022
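
The issue above reports a heap-overflow while walking IPv6 extension headers in get_ipv6_next. As an added example (not Tcpreplay's code and not the #718 fix), this is one way to walk the header chain so that no byte is read before it has been checked against the captured length; the function name `ipv6_upper_offset`, the 32-header limit and the sample packet are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IPV6_FIXED_LEN 40   /* fixed IPv6 header; Next Header is byte 6 */

/* Hypothetical helper: returns the offset of the upper-layer header and stores
 * its protocol in *proto, or returns -1 if the chain runs past caplen. */
int ipv6_upper_offset(const uint8_t *pkt, size_t caplen, uint8_t *proto)
{
    size_t off = IPV6_FIXED_LEN;
    uint8_t next;

    if (pkt == NULL || proto == NULL || caplen < IPV6_FIXED_LEN) return -1;
    next = pkt[6];

    for (int hops = 0; hops < 32; hops++) {      /* bound the chain length */
        size_t extlen;
        switch (next) {
        case 0: case 43: case 60:                /* hop-by-hop, routing, dest opts */
            if (caplen - off < 2) return -1;     /* length byte must be captured */
            extlen = ((size_t)pkt[off + 1] + 1) * 8;
            break;
        case 44:                                 /* fragment header: fixed size */
            extlen = 8;
            break;
        case 51:                                 /* authentication header */
            if (caplen - off < 2) return -1;
            extlen = ((size_t)pkt[off + 1] + 2) * 4;
            break;
        default:                                 /* not an extension header */
            *proto = next;
            return (int)off;
        }
        if (caplen - off < extlen) return -1;    /* claimed length exceeds capture */
        next = pkt[off];
        off += extlen;                           /* invariant: off <= caplen */
    }
    return -1;
}

int main(void)
{
    /* Constructed sample: hop-by-hop header claims 16 bytes, only 8 captured. */
    uint8_t pkt[48] = {0x60};
    uint8_t proto = 0;
    pkt[6] = 0; pkt[40] = 6; pkt[41] = 1;
    printf("truncated chain -> %d\n", ipv6_upper_offset(pkt, sizeof pkt, &proto));
    return 0;
}
```

The returned offset may equal `caplen` when the capture ends exactly at the upper-layer header, so a caller still has to check the remaining length before parsing that header.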