Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enforce large_mtu checks in the posix read and write wrappers #7

Closed
sahlberg opened this issue Apr 28, 2017 · 1 comment
Closed

Enforce large_mtu checks in the posix read and write wrappers #7

sahlberg opened this issue Apr 28, 2017 · 1 comment

Comments

@sahlberg
Copy link
Owner

No description provided.

@sahlberg
Copy link
Owner Author

sahlberg commented May 3, 2017

Done in
72d254b
f74cd50

@sahlberg sahlberg closed this as completed May 3, 2017
tguillem added a commit to tguillem/libsmb2 that referenced this issue Nov 16, 2020
The dcerpc_context can be freed from pdu callbacks but was used after
for freeing the pdu. So free the pdu using the dcerpc_context before
calling callbacks.

Asan trace:
=218284==ERROR: AddressSanitizer: heap-use-after-free on address 0x6060006ff680 at pc 0x7f9104b4ed1b bp 0x7f9104d1bfc0 sp 0x7f9104d1bfb8
READ of size 8 at 0x6060006ff680 thread T25
    #0 0x7f9104b4ed1a in dcerpc_free_pdu ../../lib/dcerpc.c:428
    sahlberg#1 0x7f9104b4f7b7 in smb2_bind_cb ../../lib/dcerpc.c:1563
    sahlberg#2 0x7f9104b561e7 in smb2_destroy_context ../../lib/init.c:320
    sahlberg#3 0x7f9104bdab4d in vlc_smb2_open_share ../../modules/access/smb2.c:602
    sahlberg#4 0x7f9104bdb5f3 in Open ../../modules/access/smb2.c:713

0x6060006ff680 is located 0 bytes inside of 56-byte region [0x6060006ff680,0x6060006ff6b8)
freed by thread T25 here:
    #0 0x7f912c570b6f in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.6+0xa9b6f)
    sahlberg#1 0x7f9104b4eca7 in dcerpc_destroy_context ../../lib/dcerpc.c:417
    sahlberg#2 0x7f9104b773df in share_enum_bind_cb ../../lib/smb2-share-enum.c:111
    sahlberg#3 0x7f9104b4cc89 in dcerpc_bind_cb ../../lib/dcerpc.c:1540
    sahlberg#4 0x7f9104b4f7ac in smb2_bind_cb ../../lib/dcerpc.c:1562
    sahlberg#5 0x7f9104b561e7 in smb2_destroy_context ../../lib/init.c:320
    sahlberg#6 0x7f9104bdab4d in vlc_smb2_open_share ../../modules/access/smb2.c:602
    sahlberg#7 0x7f9104bdb5f3 in Open ../../modules/access/smb2.c:713
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant