"Segmentation fault" (possible DoS) when parsing compressed data with function "inflate_gzip" #1021
Comments
thanks for the report!
fix has been pushed to RC_1_1 and master
Hi, is this security issue also valid for branch RC_1_0? And others? If yes, is it possible to have a patch to fix this issue in the other branches?
back-ported to RC_1_0 here: 2d7d012
Thank you very much!
Wouldn't this warrant another point release of the 1.0.x series?
yeah, probably
libtorrent version (or branch): 1.1.0.0
platform/architecture: Ubuntu 14.04LTS x86_64
compiler and compiler version: gcc version 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04.3)
The issue was found with the "afl fuzzer" while executing a modified version of the "test_gzip" test suite with the following input data (displayed in base64 format):
A segmentation fault signal was captured while running:
./test_gzip gzip_data
The output from ASAN:
The issue seems to be located in the puff.cpp file inside the "construct" function.
To reproduce:
1. compile "test_gzip.cpp" (here attached)
2. copy the base64 encoded data to a file (ex. gzip_data.b64)
3. decode the file to a new file ("base64 -d gzip_data.b64 > gzip_data")
4. run ./test_gzip gzip_data
test_gzip.cpp.txt
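As an added illustration of what the "construct" function named above is responsible for (example code modeled on the canonical Huffman table construction in Mark Adler's puff, not libtorrent's puff.cpp and not the fix referenced in this issue): it turns a code-length array into decoding tables, and a malformed length set has to be rejected before the tables are populated. The range checks at the top and the sample length arrays are assumptions added here, not taken from the report.

```c
#include <string.h>

#define MAXBITS  15   /* longest DEFLATE Huffman code length */
#define MAXCODES 288  /* size of the literal/length alphabet */

struct huffman {
    short count[MAXBITS + 1];  /* number of codes of each length */
    short symbol[MAXCODES];    /* symbols in canonical code order */
};

/* Canonical Huffman table construction after Mark Adler's puff.c.
 * Returns 0 for a complete code, >0 for an incomplete one and <0 for an
 * over-subscribed or out-of-range length set, whose tables must not be used. */
static int construct(struct huffman *h, const short *length, int n)
{
    int symbol, len, left;
    short offs[MAXBITS + 1];
    /* Assumed guard: reject anything that would index count[] or symbol[] out of bounds. */
    if (n < 0 || n > MAXCODES) return -1;
    for (symbol = 0; symbol < n; symbol++)
        if (length[symbol] < 0 || length[symbol] > MAXBITS) return -1;

    memset(h->count, 0, sizeof h->count);
    for (symbol = 0; symbol < n; symbol++)
        h->count[length[symbol]]++;
    if (h->count[0] == n) return 0;          /* no codes: trivially complete */

    left = 1;                                /* Kraft inequality walk */
    for (len = 1; len <= MAXBITS; len++) {
        left <<= 1;
        left -= h->count[len];
        if (left < 0) return left;           /* over-subscribed: invalid */
    }

    offs[1] = 0;                             /* first table index per length */
    for (len = 1; len < MAXBITS; len++)
        offs[len + 1] = (short)(offs[len] + h->count[len]);
    for (symbol = 0; symbol < n; symbol++)
        if (length[symbol] != 0)
            h->symbol[offs[length[symbol]]++] = (short)symbol;
    return left;
}

/* Constructed sample length sets (not the fuzzer input from the report). */
static const short kComplete[8]   = {3, 3, 3, 3, 3, 2, 4, 4};  /* valid, complete */
static const short kOversub[3]    = {1, 1, 1};                 /* too many codes */
static const short kOutOfRange[2] = {16, 1};                   /* length > MAXBITS */
static struct huffman g_table;   /* scratch table for the checks */
```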