Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Stack Buffer Overflow when requesting excessively long URL when compiled with ASAN. #16

Closed
ghost opened this issue May 17, 2019 · 2 comments

Comments

Projects
None yet
1 participant
@ghost
Copy link

commented May 17, 2019

Screen -S Server
./GoHTTP
CTRL-A, D
Screen -S Crash
python -c "print 'A' * 50000" > file
curl 127.0.0.1:4000/$(cat file)
CTRL-A, D
Screen -R Server

==9330==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffcea552b20 at pc 0x7fcfe397420b bp 0x
7ffcea552850 sp 0x7ffcea551ff8
READ of size 519 at 0x7ffcea552b20 thread T0
#0 0x7fcfe397420a in __interceptor_strlen (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x7020a)
#1 0x4022c1 in scan (/root/GoHttp/GoHTTP+0x4022c1)
#2 0x4033c5 in getRequestType (/root/GoHttp/GoHTTP+0x4033c5)
#3 0x403599 in receive (/root/GoHttp/GoHTTP+0x403599)
#4 0x4037da in handle (/root/GoHttp/GoHTTP+0x4037da)
#5 0x403881 in acceptConnection (/root/GoHttp/GoHTTP+0x403881)
#6 0x4038db in start (/root/GoHttp/GoHTTP+0x4038db)
#7 0x40406d in main (/root/GoHttp/GoHTTP+0x40406d)
#8 0x7fcfe284d82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#9 0x401808 in _start (/root/GoHttp/GoHTTP+0x401808)

Address 0x7ffcea552b20 is located in stack of thread T0 at offset 544 in frame
#0 0x4034a0 in receive (/root/GoHttp/GoHTTP+0x4034a0)

This frame has 1 object(s):
[32, 544) 'buffer' <== Memory access at offset 544 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
(longjmp and C++ exceptions are supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow ??:0 __interceptor_strlen
Shadow bytes around the buggy address:
0x10001d4a2510: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10001d4a2520: f1 f1 f1 f1 00 00 00 00 00 00 00 00 00 00 00 00
0x10001d4a2530: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10001d4a2540: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10001d4a2550: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10001d4a2560: 00 00 00 00[f3]f3 f3 f3 f3 f3 f3 f3 00 00 00 00
0x10001d4a2570: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10001d4a2580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10001d4a2590: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10001d4a25a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10001d4a25b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==9330==ABORTING

@fekberg

This comment has been minimized.

Copy link
Owner

commented May 20, 2019

FYI this project isn't maintained. I only wrote it as a part of a university course years ago.

Don't use the code for anything but playing around

@ghost

This comment has been minimized.

Copy link
Author

commented May 24, 2019

Closing.

@ghost ghost closed this May 24, 2019

This issue was closed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.