Heap-based buffer overflow in the canonpath() function #29
Comments
Thanks for fuzzing samurai! I believe the buffer overflow is due to failing to reject empty paths, which it tries to canonicalize the same way as The test case also revealed another issue, which is infinite recursion caused by a recursive rule variable definition. This still needs more investigation.
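An added example, not samurai's util.c, of the defensive shape the maintainer describes above: refuse an empty path before any byte of it is indexed. The "." and ".." handling is an illustrative reconstruction of in-place canonicalisation, not the project's own logic, and canon_equals is a helper added here for checking results.

```c
/* Added example, not samurai's util.c: in-place path canonicalisation that
 * refuses the empty-path edge case instead of indexing into an empty buffer. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Drops "." components, collapses '/' runs, folds ".." into the preceding
 * component and strips a trailing '/'. Returns false for an empty path. */
bool canonpath_checked(char *path)
{
	if (path == NULL || path[0] == '\0')
		return false;  /* reject up front: nothing below may assume path[0] */
	bool absolute = path[0] == '/';
	char *base = absolute ? path + 1 : path;  /* first byte after the root */
	char *r = base, *w = base;  /* read and write cursors; w never passes r */
	while (*r) {
		if (*r == '/') { r++; continue; }  /* separator run */
		char *seg = r;
		while (*r && *r != '/') r++;
		size_t n = (size_t)(r - seg);
		if (n == 1 && seg[0] == '.') continue;  /* "." contributes nothing */
		if (n == 2 && seg[0] == '.' && seg[1] == '.') {
			char *prev = w;  /* locate the last emitted component */
			while (prev > base && prev[-1] != '/') prev--;
			bool prev_dotdot = w - prev == 2 && prev[0] == '.' && prev[1] == '.';
			if (w > base && !prev_dotdot) {  /* pop it and its separator */
				w = prev > base ? prev - 1 : prev;
				continue;
			}
			if (absolute) continue;  /* ".." above the root stays at the root */
		}
		if (w > base) *w++ = '/';
		memmove(w, seg, n);
		w += n;
	}
	if (w == path) *w++ = '.';  /* relative path that cancelled out entirely */
	*w = '\0';
	return true;
}

/* Helper added for checking: canonicalise a copy of `in`, compare to `want`. */
bool canon_equals(const char *in, const char *want)
{
	char buf[256];
	if (strlen(in) >= sizeof buf) return false;
	strcpy(buf, in);
	return canonpath_checked(buf) && strcmp(buf, want) == 0;
}
```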
Reported by Frederic Cambus in #29.
This issue has been assigned CVE-2019-19795.
Both issues are now fixed. I'm planning to make a new release shortly, so please let me know if you find any other issues.
Also, note that the entire point of the tool is to run arbitrary commands from the build file, so it should be considered a trusted input.
Thanks for your fixes! I've let fuzzers run overnight on the latest master branch and they did not find anything, good job.
Hi,
While fuzzing samurai 0.7 with American Fuzzy Lop, I found a heap-based buffer overflow in the canonpath() function, in util.c.
Attaching a reproducer (gzipped so GitHub accepts it): test01.gz
The issue can be reproduced by running: