Invalid volume label string causes read beyond string size in fprintf at info_handle.c:1219 #14
hongxuchen changed the title from "AddressSanitizer: heap-buffer-overflow at lnktools/info_handle.c:1219" to "AddressSanitizer: heap-buffer-overflow at info_handle.c:1219" on Jun 19, 2018
The volume label data is:
Converted into UTF-8, which does not appear to be correct.
which causes fprintf to read an additional byte.
joachimmetz changed the title from "AddressSanitizer: heap-buffer-overflow at info_handle.c:1219" to "Invalid volume label string causes heap-buffer-overflow in fprintf at info_handle.c:1219" on Jun 23, 2018
joachimmetz changed the title from "Invalid volume label string causes heap-buffer-overflow in fprintf at info_handle.c:1219" to "Invalid volume label string causes read beyond string size in fprintf at info_handle.c:1219" on Jun 23, 2018
With libuna libyal/libuna@fce50a5 this issue no longer surfaces. Seeing that no liblnk code needed to be changed to fix this issue, marking this as "invalid".
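A caller-side guard for the failure discussed in this thread, where a converted label that is not terminated inside its buffer makes fprintf with "%s" read past the end. This is an added example, not liblnk or libuna code and not the fix referenced above; `checked_label_length`, `print_label`, the output format and the sample buffers are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not liblnk or libuna code). Returns the label length
 * in bytes, or -1 if no NUL lies within `size` bytes or the bytes before it
 * are not structurally valid UTF-8 (overlong/surrogate forms not checked). */
static long checked_label_length(const unsigned char *buf, size_t size)
{
    const unsigned char *end;
    size_t len, i = 0, need;

    if (buf == NULL || size == 0)
        return -1;
    end = memchr(buf, '\0', size);   /* bounded search, unlike strlen */
    if (end == NULL)
        return -1;                   /* unterminated buffer */
    len = (size_t)(end - buf);
    while (i < len) {
        unsigned char c = buf[i++];
        if (c < 0x80) need = 0;
        else if (c >= 0xC2 && c <= 0xDF) need = 1;
        else if (c >= 0xE0 && c <= 0xEF) need = 2;
        else if (c >= 0xF0 && c <= 0xF4) need = 3;
        else return -1;              /* stray continuation or invalid lead */
        if (need > len - i)
            return -1;               /* sequence cut off by the terminator */
        for (; need > 0; need--)
            if ((buf[i++] & 0xC0) != 0x80)
                return -1;
    }
    return (long)len;
}

/* Print only after the check; the precision caps what fprintf may read. */
static int print_label(FILE *stream, const unsigned char *buf, size_t size)
{
    long len = checked_label_length(buf, size);
    if (stream == NULL || len < 0)
        return -1;
    return fprintf(stream, "Volume label: %.*s\n", (int)len, (const char *)buf) < 0 ? -1 : 0;
}

int main(void)
{
    /* Constructed buffers: one terminated, one filled to its last byte. */
    const unsigned char ok[] = "DATA";
    const unsigned char bad[4] = { 'D', 'A', 'T', 'A' };
    print_label(stdout, ok, sizeof ok);
    return print_label(stdout, bad, sizeof bad) < 0 ? 0 : 1;
}
```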
This was referenced Jun 23, 2018
AddressSanitizer: heap-buffer-overflow at info_handle.c:1219
POC file:
https://github.com/ntu-sec/pocs/blob/master/liblnk/hbo_info_handle.c%3A1219_1.input.txt
gdb output:
https://github.com/ntu-sec/pocs/blob/master/liblnk/hbo_info_handle.c%3A1219_1.gdb.txt