Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] main thread panic #210

Closed
sepehrdaddev opened this issue Oct 23, 2021 · 2 comments
Closed

[BUG] main thread panic #210

sepehrdaddev opened this issue Oct 23, 2021 · 2 comments
Labels
blue bug Something isn't working needs-research needs-triage This issue or PR still needs to be triaged.

Comments

@sepehrdaddev
Copy link
Contributor

Describe the bug
One of my fuzzers found that when the user supplies crafted inputs to the cfn-guard parser, the application would crash.

To Reproduce
Please supply:

  • Rule Used for causing the bug
    crash.guard
"">/\

please note that crash.guard should not have \n at the end, the easiest way to create it is to run the following command:
echo "IiI+L1w=" | base64 -d > crash.guard
template.json

{}
  • The commands used to invoke the tool
    cat template.json | RUST_BACKTRACE=1 cfn-guard validate -r crash.guard
  • The output of the application
thread 'main' panicked at 'byte index 1 is out of bounds of ``', /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/nom-5.1.2/src/traits.rs:933:1
stack backtrace:
   0: rust_begin_unwind
             at /rustc/547a6ffee0cf4da9929a9e3d49546dc87d607735/library/std/src/panicking.rs:495:5
   1: core::panicking::panic_fmt
             at /rustc/547a6ffee0cf4da9929a9e3d49546dc87d607735/library/core/src/panicking.rs:107:14
   2: core::str::slice_error_fail
   3: <&str as nom::traits::Slice<core::ops::range::RangeFrom<usize>>>::slice
   4: <nom_locate::LocatedSpan<&str,X> as nom::traits::Slice<core::ops::range::RangeFrom<usize>>>::slice
   5: <nom_locate::LocatedSpan<T,X> as nom::traits::InputTake>::take_split
   6: <(A,B,C,D,E) as nom::branch::Alt<Input,Output,Error>>::choice
   7: <(FnA,FnB) as nom::sequence::Tuple<Input,(A,B),Error>>::parse
   8: <(A,B) as nom::branch::Alt<Input,Output,Error>>::choice
   9: core::ops::function::Fn::call
  10: cfn_guard::rules::parser::default_clauses
  11: nom::combinator::map::{{closure}}
  12: <(A,B,C,D,E) as nom::branch::Alt<Input,Output,Error>>::choice
  13: cfn_guard::rules::parser::remove_whitespace_comments::{{closure}}
  14: cfn_guard::rules::parser::rules_file
  15: <cfn_guard::commands::validate::Validate as cfn_guard::command::Command>::execute
  16: cfn_guard::main

Expected behavior
It is expected to get parsing error.

Operating System:
Ubuntu 20.04, AmazonLinux 2.
@sepehrdaddev sepehrdaddev added the bug Something isn't working label Oct 23, 2021
@shreyasdamle shreyasdamle added the needs-triage This issue or PR still needs to be triaged. label Nov 10, 2021
@shreyasdamle
Copy link
Contributor

Thanks for reporting this issue. We are looking into this.

@shreyasdamle shreyasdamle added needs-research and removed needs-triage This issue or PR still needs to be triaged. labels Nov 15, 2021
@akshayrane akshayrane added needs-triage This issue or PR still needs to be triaged. blue labels Sep 21, 2022
@joshfried-aws joshfried-aws mentioned this issue Sep 29, 2022
Merged
@joshfried-aws
Copy link
Contributor

Hi @sepehrdaddev we have merged a fix for this #282. Feel free to test it out again, and re-open if you find anything more.

Thanks,

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
blue bug Something isn't working needs-research needs-triage This issue or PR still needs to be triaged.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@akshayrane @shreyasdamle @sepehrdaddev @joshfried-aws