
Null pointer dereference in r_pkcs7_parse_cms() #7152

Closed
fumfel opened this issue Mar 27, 2017 · 2 comments

@fumfel
commented Mar 27, 2017

Null pointer dereference in r_pkcs7_parse_cms()

Tested on Git HEAD: 2ce093b

Payload (bins/fuzzed/r2_null_ptr_r_pkcs7_parse_cms) in radare/radare2-regressions#778

To reproduce: r2 -A r2_null_ptr_r_pkcs7_parse_cms


==30065==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x7f0252dd9082 bp 0x604000012590 sp 0x7fff02f1fc60 T0)
==30065==The signal is caused by a READ memory access.
==30065==Hint: address points to the zero page.
    #0 0x7f0252dd9081 in r_pkcs7_parse_cms XYZ/radare2/libr/util/r_pkcs7.c:287:103
    #1 0x7f0257fac367 in bin_pe_get_certificate XYZ/radare2/libr/..//libr/bin/p/../format/pe/pe.c:2144:8
    #2 0x7f0257fac367 in bin_pe_init XYZ/radare2/libr/..//libr/bin/p/../format/pe/pe.c:2185
    #3 0x7f0257fafd2d in Pe32_r_bin_pe_new_buf XYZ/radare2/libr/..//libr/bin/p/../format/pe/pe.c:3203:7
    #4 0x7f0257f84ee7 in load_bytes XYZ/radare2/libr/..//libr/bin/p/bin_pe.c:27:8
    #5 0x7f0257d96da1 in r_bin_object_new XYZ/radare2/libr/bin/bin.c:1203:16
    #6 0x7f0257d9439a in r_bin_file_new_from_bytes XYZ/radare2/libr/bin/bin.c:1428:6
    #7 0x7f0257d9439a in r_bin_load_io_at_offset_as_sz XYZ/radare2/libr/bin/bin.c:974
    #8 0x7f0257d904f9 in r_bin_load_io_at_offset_as XYZ/radare2/libr/bin/bin.c:988:12
    #9 0x7f0257d904f9 in r_bin_load_io XYZ/radare2/libr/bin/bin.c:831
    #10 0x7f0259088c5f in r_core_file_do_load_for_io_plugin XYZ/radare2/libr/core/file.c:429:7
    #11 0x7f0259088c5f in r_core_bin_load XYZ/radare2/libr/core/file.c:566
    #12 0x56102f4b0a0d in main XYZ/radare2/binr/radare2/radare2.c:924:14
    #13 0x7f0251d1882f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #14 0x56102f3e0c18 in _start (/usr/local/bin/radare2+0x20c18)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV XYZ/radare2/libr/util/r_pkcs7.c:287:103 in r_pkcs7_parse_cms
==30065==ABORTING
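To illustrate the bug class this report describes (a read from the zero page inside a certificate parser, reached while loading a fuzzed PE), here is an added C example. It is not radare2 code and not the fix from #7153: the `asn1_obj` type, the toy `asn1_parse` TLV reader, `cms_version_unchecked`, `cms_version_checked`, `parse_version` and the two byte strings are all constructed for this illustration and do not correspond to the structures in libr/util/r_pkcs7.c. It shows a chained dereference that assumes every nested element was parsed, next to a hardened form that validates each pointer before use and reports a malformed input instead of crashing.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

/* Hypothetical, heavily simplified stand-in for an ASN.1/CMS object tree.
 * Constructed for this example; not radare2's own types. */
typedef struct asn1_obj {
    uint8_t tag;
    size_t length;
    const uint8_t *data;
    struct asn1_obj *child;   /* NULL when no nested element could be parsed */
} asn1_obj;

/* Parse one TLV element (short-form length only) from buf.
 * Returns NULL on truncation rather than a half-filled object. */
static asn1_obj *asn1_parse(const uint8_t *buf, size_t len) {
    if (len < 2) return NULL;                 /* no room for tag + length */
    size_t body = buf[1];
    if (body & 0x80) return NULL;             /* long-form lengths not handled here */
    if (2 + body > len) return NULL;          /* truncated element */
    asn1_obj *o = calloc(1, sizeof *o);
    if (!o) return NULL;
    o->tag = buf[0];
    o->length = body;
    o->data = buf + 2;
    if ((o->tag & 0x20) && body > 0) {        /* constructed type: parse first nested element */
        o->child = asn1_parse(o->data, body); /* may legitimately stay NULL */
    }
    return o;
}

static void asn1_free(asn1_obj *o) {
    if (o) { asn1_free(o->child); free(o); }
}

/* The bug pattern: a chained dereference that trusts every level to exist.
 * If the inner element failed to parse, cms->child->child is NULL and the
 * access faults at a small offset from address 0, exactly the kind of
 * "address points to the zero page" read ASan reports above. */
int cms_version_unchecked(asn1_obj *cms) {
    return cms->child->child->data[0];
}

/* Hardened form: validate each hop and the expected tag/length before use.
 * -1 means "malformed input"; callers must not treat it as a version. */
int cms_version_checked(const asn1_obj *cms) {
    if (!cms || !cms->child || !cms->child->child) return -1;
    const asn1_obj *ver = cms->child->child;
    if (ver->tag != 0x02 || ver->length < 1) return -1;   /* expect a non-empty INTEGER */
    return ver->data[0];
}

/* Constructed sample inputs (not the fuzz payload from the report). */
/* SEQUENCE { SEQUENCE { INTEGER 3 } } -- well formed */
static const uint8_t good_cms[] = { 0x30, 0x05, 0x30, 0x03, 0x02, 0x01, 0x03 };
/* SEQUENCE { SEQUENCE { <1 byte: truncated INTEGER> } } -- inner parse fails */
static const uint8_t bad_cms[]  = { 0x30, 0x03, 0x30, 0x01, 0x02 };

/* Parse a blob and read its version through the checked path. */
int parse_version(const uint8_t *buf, size_t len) {
    asn1_obj *cms = asn1_parse(buf, len);
    int v = cms_version_checked(cms);
    asn1_free(cms);
    return v;
}

int main(void) {
    printf("good: %d\n", parse_version(good_cms, sizeof good_cms));  /* 3 */
    printf("bad:  %d\n", parse_version(bad_cms, sizeof bad_cms));    /* -1 */
    printf("trunc: %d\n", parse_version(bad_cms, 2));                /* -1 */
    return 0;
}
```

The point of the checked variant is that the parser's "could not parse" result (a NULL child) is an ordinary outcome for untrusted input, so every consumer of the tree has to treat it as data, not as an invariant. A fuzzer finds the unchecked path quickly because any truncation of the nested element turns into a NULL at some level of the chain.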

@radare radare closed this in #7153 Mar 27, 2017

radare added a commit that referenced this issue Mar 27, 2017

@carnil

commented Mar 28, 2017

@Maijin

commented Mar 28, 2017

ROF-LOL
