v1.0.0-rc1 - secvarctl SIGSEGV while reading fuzzed ESL file #63
And the bt from core:
erichte-ibm
added a commit
to erichte-ibm/secvarctl
that referenced
this issue
Oct 5, 2023
…per functions Fixes open-power#63, and maybe open-power#61. As reported in open-power#63, a fuzzed ESL file causes a segfault when reading. This occurs because the fuzzed ESL contains an internal size value that is far larger than that of the ESL file itself. Therefore, when we hand the data to OpenSSL to parse, we give the parsing function a very incorrect size value to expect, and therefore it overruns the buffer. Rather than add in more size checks, the function has been rewritten to use the ESL/ESD iteration helper functions in libstb-secvar, which already have coverage testing. Signed-off-by: Eric Richter <erichte@linux.ibm.com>
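The commit message above gives the root cause: the ESL's own SignatureListSize field was trusted and passed on as the amount of data available for parsing. The following is an added example, not secvarctl or libstb-secvar code, of the bounds check an ESL walker needs before trusting that field. The EFI_SIGNATURE_LIST layout follows the UEFI specification; the sample buffer, the filler bytes and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Added example, not secvarctl code. EFI_SIGNATURE_LIST header: 16-byte SignatureType
 * GUID, then SignatureListSize, SignatureHeaderSize, SignatureSize (LE uint32), read
 * byte-wise so no struct overlay or alignment assumption is needed. */
#define ESL_HDR_LEN 28u

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr_le32(uint8_t *p, uint32_t v) { p[0] = v; p[1] = v >> 8; p[2] = v >> 16; p[3] = v >> 24; }

/* Walk concatenated ESLs in buf. Returns the number of well-formed lists, or -1 as
 * soon as a list's self-declared sizes exceed the bytes actually present, so a forged
 * SignatureListSize is never passed to a parser as the amount of data it may read. */
int esl_count_checked(const uint8_t *buf, size_t len)
{
    int count = 0;
    for (size_t off = 0; off < len; count++) {
        if (len - off < ESL_HDR_LEN) return -1;            /* truncated header */
        uint32_t list_size = rd_le32(buf + off + 16);
        uint32_t hdr_size  = rd_le32(buf + off + 20);
        uint32_t sig_size  = rd_le32(buf + off + 24);
        if (list_size < ESL_HDR_LEN || list_size > len - off)
            return -1;                                     /* claims more than the file holds */
        uint32_t body = list_size - ESL_HDR_LEN;
        if (hdr_size > body) return -1;                    /* header overruns the list */
        body -= hdr_size;
        if (sig_size < 16 || body % sig_size) return -1;  /* ESDs not whole entries (>=16-byte owner GUID) */
        off += list_size;
    }
    return count;
}

/* Constructed sample: one ESL, empty signature header, a single 20-byte ESD (owner GUID
 * + 4 data bytes). 'declared' overrides SignatureListSize to reproduce the issue's
 * fuzzed case: a size far larger than the file itself. */
static int check_sample(uint32_t declared)
{
    uint8_t buf[ESL_HDR_LEN + 20];
    memset(buf, 0xAB, sizeof buf);                         /* GUIDs/data: arbitrary filler */
    wr_le32(buf + 16, declared);
    wr_le32(buf + 20, 0);
    wr_le32(buf + 24, 20);
    return esl_count_checked(buf, sizeof buf);
}
int esl_sample_good(void)   { return check_sample(ESL_HDR_LEN + 20); }  /* 1 */
int esl_sample_fuzzed(void) { return check_sample(0x7FFFFFF0u); }       /* -1 */
```

The check that matters for this issue is `list_size > len - off`: it rejects the forged list before any of its bytes are handed to a certificate parser.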
nick-child-ibm
pushed a commit
that referenced
this issue
Oct 6, 2023
…per functions Fixes #63, and maybe #61. As reported in #63, a fuzzed ESL file causes a segfault when reading. This occurs because the fuzzed ESL contains an internal size value that is far larger than that of the ESL file itself. Therefore, when we hand the data to OpenSSL to parse, we give the parsing function a very incorrect size value to expect, and therefore it overruns the buffer. Rather than add in more size checks, the function has been rewritten to use the ESL/ESD iteration helper functions in libstb-secvar, which already have coverage testing. Signed-off-by: Eric Richter <erichte@linux.ibm.com>
With RC2, not seeing this error.
nick-child-ibm
pushed a commit
that referenced
this issue
Feb 6, 2024
…per functions Fixes #63, and maybe #61. As reported in #63, a fuzzed ESL file causes a segfault when reading. This occurs because the fuzzed ESL contains an internal size value that is far larger than that of the ESL file itself. Therefore, when we hand the data to OpenSSL to parse, we give the parsing function a very incorrect size value to expect, and therefore it overruns the buffer. Rather than add in more size checks, the function has been rewritten to use the ESL/ESD iteration helper functions in libstb-secvar, which already have coverage testing. Signed-off-by: Eric Richter <erichte@linux.ibm.com>
And with earlier secvarctl, the SIGSEGV is not seen (probable git head at e3658f2ce5d0089e72eb243e8deacaa2ddd577a4).