Invalid memory address dereference in zzip_disk_fread (in zzip/mmapped.c:721) [CVE-2018-7725] #39

Closed
fantasy7082 opened this issue Mar 6, 2018 · 3 comments

Comments

@fantasy7082

fantasy7082 commented Mar 6, 2018

Hi, this is an issue about zziplib v0.13.68. It crashed in function zzip_disk_fread. The details are below (ASAN):

./unzzip-mem 001-null-p 
ASAN:SIGSEGV
=================================================================
==12462==ERROR: AddressSanitizer: SEGV on unknown address 0x7ffff7fec000 (pc 0x7ffff5d450bd bp 0x62400001e100 sp 0x7fffffffdd40 T0)
    #0 0x7ffff5d450bc in inflate (/usr/local/lib/libz.so.1+0xb0bc)
    #1 0x7ffff6c65054 in zzip_disk_fread ../../zzip/mmapped.c:721
    #2 0x7ffff6c67156 in zzip_mem_disk_fread ../../zzip/memdisk.c:551
    #3 0x401696 in unzzip_mem_disk_cat_file ../../bins/unzzipcat-mem.c:52
    #4 0x401ae8 in unzzip_cat ../../bins/unzzipcat-mem.c:122
    #5 0x401f08 in unzzip_extract ../../bins/unzzipcat-mem.c:170
    #6 0x4013e3 in main ../../bins/unzzip.c:74
    #7 0x7ffff68b682f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #8 0x400fa8 in _start (/usr/local/zzip-asan/bin/unzzip-mem+0x400fa8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 inflate
==12462==ABORTING

POC FILE: https://github.com/fantasy7082/image_test/blob/master/003-unknow-def-zip

@stevebeattie

This was assigned CVE-2018-7725.

gdraheim added a commit that referenced this issue Mar 13, 2018
@gdraheim
Owner

fixed by checking buffer handed over to zlib

@gdraheim gdraheim added this to the v0.13.69 release milestone Mar 13, 2018
@gdraheim
Owner

done.

@gdraheim gdraheim changed the title Invalid memory address dereference in zzip_disk_fread (in zzip/mmapped.c:721) Invalid memory address dereference in zzip_disk_fread (in zzip/mmapped.c:721) [CVE-2018-7725] Mar 28, 2018
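
The kind of check the maintainer's comment describes, as an added example that is not zziplib's code and not the fix commit: before a pointer and length taken from ZIP header fields are handed to zlib as input, confirm the whole range lies inside the mapped file. The helper names, the constructed sample entry and the restriction to a plain (non-ZIP64) local file header are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LFH_SIZE 30u  /* fixed part of a ZIP local file header */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hypothetical helper: returns 0 and sets *data / *avail only if the entry's
 * compressed bytes lie entirely inside buf[0..buflen); returns -1 otherwise. */
int entry_input_range(const uint8_t *buf, size_t buflen, size_t hdr_off,
                      const uint8_t **data, size_t *avail)
{
    if (hdr_off > buflen || buflen - hdr_off < LFH_SIZE)
        return -1;                          /* header itself is truncated */
    const uint8_t *h = buf + hdr_off;
    if (rd32(h) != 0x04034b50u)
        return -1;                          /* signature is not "PK\3\4" */
    size_t csize = rd32(h + 18);            /* attacker-controlled length */
    size_t skip  = (size_t)rd16(h + 26) + rd16(h + 28);  /* name + extra */
    size_t rest  = buflen - hdr_off - LFH_SIZE;
    if (skip > rest || csize > rest - skip)
        return -1;                          /* data would run past the mapping */
    *data  = h + LFH_SIZE + skip;           /* safe to use as zlib next_in */
    *avail = csize;                         /* safe to use as zlib avail_in */
    return 0;
}

/* Constructed sample: header + 1-byte name + 4 data bytes, claiming csize. */
size_t make_entry(uint8_t out[35], uint32_t claimed_csize)
{
    for (size_t i = 0; i < 35; i++) out[i] = 0;
    out[0] = 0x50; out[1] = 0x4b; out[2] = 0x03; out[3] = 0x04;
    for (int i = 0; i < 4; i++) out[18 + i] = (uint8_t)(claimed_csize >> (8 * i));
    out[26] = 1;                            /* file name length */
    out[30] = 'a';
    return 35;
}

int main(void) {
    uint8_t z[35]; const uint8_t *d; size_t n;
    size_t len = make_entry(z, 4);
    printf("honest size: %d\n", entry_input_range(z, len, 0, &d, &n));
    make_entry(z, 0x10000);
    printf("oversized:   %d\n", entry_input_range(z, len, 0, &d, &n));
    return 0;
}
```

The subtraction-based comparisons avoid computing `hdr_off + skip + csize`, which could wrap on a 32-bit `size_t`.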