Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

stack-buffer-overflow 619 characters in User-Agent string causes stack-overflow. #18

Open
0xGotcha opened this issue May 19, 2019 · 2 comments

Comments

Projects
None yet
2 participants
@0xGotcha
Copy link

commented May 19, 2019

root@0xGotcha:~/fuzzing/GoHttp# curl -A "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" localhost:7000
root@0xGotcha:~/fuzzing/GoHttp# ./GoHttp 
Settings:
Port:			7000
Server root:		/home/frw/public_html/
Configuration file:	httpd.conf
Logfile:		.log
Deamon:			0
=================================================================
==1666==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff1110bd40 at pc 0x000000487f40 bp 0x7fff1110bae0 sp 0x7fff1110b290
READ of size 513 at 0x7fff1110bd40 thread T0
    #0 0x487f3f  (/root/fuzzing/GoHttp/GoHttp+0x487f3f)
    #1 0x51718b  (/root/fuzzing/GoHttp/GoHttp+0x51718b)
    #2 0x517412  (/root/fuzzing/GoHttp/GoHttp+0x517412)
    #3 0x517972  (/root/fuzzing/GoHttp/GoHttp+0x517972)
    #4 0x517c21  (/root/fuzzing/GoHttp/GoHttp+0x517c21)
    #5 0x517cbc  (/root/fuzzing/GoHttp/GoHttp+0x517cbc)
    #6 0x518656  (/root/fuzzing/GoHttp/GoHttp+0x518656)
    #7 0x7fc656ca009a  (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
    #8 0x41d439  (/root/fuzzing/GoHttp/GoHttp+0x41d439)

Address 0x7fff1110bd40 is located in stack of thread T0 at offset 544 in frame
    #0 0x51728f  (/root/fuzzing/GoHttp/GoHttp+0x51728f)

  This frame has 1 object(s):
    [32, 544) 'buffer' (line 522) <== Memory access at offset 544 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow (/root/fuzzing/GoHttp/GoHttp+0x487f3f) 
Shadow bytes around the buggy address:
  0x100062219750: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100062219760: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00
  0x100062219770: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100062219780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100062219790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x1000622197a0: 00 00 00 00 00 00 00 00[f3]f3 f3 f3 f3 f3 f3 f3
  0x1000622197b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000622197c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000622197d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000622197e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000622197f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==1666==ABORTING

@fekberg

This comment has been minimized.

Copy link
Owner

commented May 20, 2019

FYI this project isn't maintained. I only wrote it as a part of a university course years ago.

Don't use the code for anything but playing around

@0xGotcha

This comment has been minimized.

Copy link
Author

commented May 20, 2019

No problem. It is great for learning.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.