
Stack Buffer Overflow when requesting excessively long URL when compiled with ASAN. #16

Closed
ghost opened this issue May 17, 2019 · 2 comments

Comments


ghost commented May 17, 2019

screen -S Server
./GoHTTP
CTRL-A, D
screen -S Crash
python -c "print 'A' * 50000" > file
curl 127.0.0.1:4000/$(cat file)
CTRL-A, D
screen -R Server

==9330==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffcea552b20 at pc 0x7fcfe397420b bp 0x7ffcea552850 sp 0x7ffcea551ff8
READ of size 519 at 0x7ffcea552b20 thread T0
#0 0x7fcfe397420a in __interceptor_strlen (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x7020a)
#1 0x4022c1 in scan (/root/GoHttp/GoHTTP+0x4022c1)
#2 0x4033c5 in getRequestType (/root/GoHttp/GoHTTP+0x4033c5)
#3 0x403599 in receive (/root/GoHttp/GoHTTP+0x403599)
#4 0x4037da in handle (/root/GoHttp/GoHTTP+0x4037da)
#5 0x403881 in acceptConnection (/root/GoHttp/GoHTTP+0x403881)
#6 0x4038db in start (/root/GoHttp/GoHTTP+0x4038db)
#7 0x40406d in main (/root/GoHttp/GoHTTP+0x40406d)
#8 0x7fcfe284d82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#9 0x401808 in _start (/root/GoHttp/GoHTTP+0x401808)

Address 0x7ffcea552b20 is located in stack of thread T0 at offset 544 in frame
#0 0x4034a0 in receive (/root/GoHttp/GoHTTP+0x4034a0)

This frame has 1 object(s):
[32, 544) 'buffer' <== Memory access at offset 544 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
(longjmp and C++ exceptions are supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow ??:0 __interceptor_strlen
Shadow bytes around the buggy address:
0x10001d4a2510: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10001d4a2520: f1 f1 f1 f1 00 00 00 00 00 00 00 00 00 00 00 00
0x10001d4a2530: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10001d4a2540: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10001d4a2550: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10001d4a2560: 00 00 00 00[f3]f3 f3 f3 f3 f3 f3 f3 00 00 00 00
0x10001d4a2570: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10001d4a2580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10001d4a2590: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10001d4a25a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10001d4a25b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==9330==ABORTING
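The frame above says `receive()` holds a single 512-byte `buffer` ([32, 544)) and that `strlen()` called from `scan()` reads past its end. The classic cause of that trace is handing the whole buffer to `recv()` so that a request of 512 bytes or more leaves no NUL terminator; that cause is an assumption here, since the report does not show the source. The following added example is not GoHTTP's code: it keeps the 512-byte buffer size from the trace, reserves one byte for the terminator, scans with a bounded `memchr()` instead of `strlen()`, and rejects an over-long request line (such as the 50000-byte path in the report) instead of reading off the frame. `fake_recv` and the request-line framing are constructed stand-ins for the socket read.

```c
#include <stddef.h>
#include <string.h>

/* 512 bytes: the size of 'buffer' in receive() according to the ASan frame ([32, 544)). */
#define BUFFER_SIZE 512
#define MAX_REQUEST_LINE (BUFFER_SIZE - 1)   /* one byte is always kept for the NUL */

/* Stand-in for recv() over a constructed request so the example runs offline
 * (assumption: GoHTTP reads from a socket; the bounding logic is the same). */
typedef struct { const char *data; size_t len; size_t pos; } fake_socket;

static size_t fake_recv(fake_socket *s, char *dst, size_t cap) {
    size_t left = s->len - s->pos;
    size_t n = left < cap ? left : cap;
    memcpy(dst, s->data + s->pos, n);
    s->pos += n;
    return n;
}

/* Bounded replacement for the receive()/scan() pair implied by the trace.
 * Never lets recv() touch the last byte of the buffer, terminates after every read,
 * looks for the end of line with memchr() over the bytes actually received, and
 * returns -1 for a request line longer than MAX_REQUEST_LINE (the server should
 * answer 414 and close). On success the buffer holds the NUL-terminated request
 * line and its length is returned. */
static int receive_request_line(fake_socket *s, char buffer[BUFFER_SIZE]) {
    size_t used = 0;
    for (;;) {
        size_t n = fake_recv(s, buffer + used, MAX_REQUEST_LINE - used);
        if (n == 0) break;                         /* peer closed before a line ended */
        used += n;
        buffer[used] = '\0';                       /* safe: used <= MAX_REQUEST_LINE */
        char *eol = memchr(buffer, '\n', used);    /* bounded scan, not strlen() */
        if (eol) {
            if (eol > buffer && eol[-1] == '\r') eol--;
            *eol = '\0';
            return (int)(eol - buffer);
        }
        if (used == MAX_REQUEST_LINE) return -1;   /* too long: reject, do not keep reading */
    }
    buffer[used] = '\0';
    return -1;                                     /* no complete request line */
}

/* Helpers that run the function on constructed input. */
static int try_request(const char *req, size_t len) {
    char buffer[BUFFER_SIZE];
    fake_socket s = { req, len, 0 };
    return receive_request_line(&s, buffer);
}

/* Mirrors the report: a request whose path is 50000 'A's. */
static int long_url_rejected(void) {
    static char req[5 + 50000 + 11];
    memcpy(req, "GET /", 5);
    memset(req + 5, 'A', 50000);
    memcpy(req + 5 + 50000, " HTTP/1.0\r\n", 11);
    return try_request(req, sizeof req);
}
```

Running the same 50000-byte path through `long_url_rejected()` returns -1 rather than triggering the sanitizer, while a normal request line such as `GET / HTTP/1.0` returns its length.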

fekberg (Owner) commented May 20, 2019

FYI this project isn't maintained. I only wrote it as a part of a university course years ago.

Don't use the code for anything but playing around

ghost (Author) commented May 24, 2019

Closing.

@ghost ghost closed this as completed May 24, 2019