Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Heap-buffer-overflow in MemcmpInterceptorCommon #1574

Closed
1 of 2 tasks
koltiradw opened this issue Jun 2, 2022 · 1 comment · Fixed by #1576
Closed
1 of 2 tasks

Heap-buffer-overflow in MemcmpInterceptorCommon #1574

koltiradw opened this issue Jun 2, 2022 · 1 comment · Fixed by #1576
Labels
bug

Comments

@koltiradw
Copy link
Contributor

koltiradw commented Jun 2, 2022
edited

Hi! I found heap-buffer-overflow( occurs at /src/lib/protocols/irc.c:522:10) during testing with libFuzzer.

nDPI Environment:

  • OS name: Ubuntu
  • OS version: 20.04.4 LTS (Focal Fossa)
  • Architecture: x86-64
  • nDPI commit hash: 4ff1bf2
  • nDPI compilation flags used: --with-sanitizer --enable-fuzztargets
  • config.log

Reproducible using ndpiReader?

  • The reported bug is reproducible using ndpiReader.
  • The reported bug is not reproducible using ndpiReader.

File for reproducing:

Steps to reproduce the behavior:

  1. Run './fuzz_process_packet_with_main <crash_file>'.
  2. See ASAN crash report.
@koltiradw koltiradw added the bug label Jun 2, 2022
utoni added a commit to utoni/nDPI that referenced this issue Jun 2, 2022
@utoni
Fix heap buffer overflow mentioned in ntop#1574.
4b1e756 
Signed-off-by: lns <matzeton@googlemail.com>
utoni added a commit to utoni/nDPI that referenced this issue Jun 2, 2022
@utoni
Fix heap buffer overflow mentioned in ntop#1574.
d65d632 
Signed-off-by: lns <matzeton@googlemail.com>
@utoni utoni linked a pull request Jun 2, 2022 that will close this issue
Fix heap buffer overflow mentioned in #1574. #1576
Merged
utoni added a commit that referenced this issue Jun 2, 2022
@utoni
Fix heap buffer overflow mentioned in #1574. (#1576)
6149c0f 
Signed-off-by: lns <matzeton@googlemail.com>
@utoni
Copy link
Collaborator

utoni commented Jun 2, 2022

Thank you for reporting that bug!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix heap buffer overflow mentioned in #1574. utoni/nDPI
2 participants
@utoni @koltiradw