Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hey there, I have discovered an unmapped memory access in the sleuth kit at: ntfs_dent.cpp:680:16
Found when fuzzing commit 4efa611.
Compile flags to reproduce:
CC=clang CXX=clang++ CFLAGS='-fsanitize=address -g -O2 -fno-omit-frame-pointer' CXXFLAGS=$CFLAGS make
System information:
$ uname -a Linux s127422 3.13.0-137-generic #186-Ubuntu SMP Mon Dec 4 19:09:19 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
This bug was found to be in sleuth kit releases from 4.0.1 up until and including the latest release 4.6.1
You can find a POC that triggers the bug here.
The full ASAN report is shown below:
↳ tools/fstools/fls -lrp crash.file ================================================================= ==7493==ERROR: AddressSanitizer: SEGV on unknown address 0x621000024d28 (pc 0x000000691ae9 bp 0x7ffd4abaa8b0 sp 0x7 ffd4abaa7e0 T0) #0 0x691ae8 in ntfs_fix_idxrec(NTFS_INFO*, ntfs_idxrec*, unsigned int) /home/glenn/temp/sleuthkit/tsk/fs/ntfs_d ent.cpp:680:16 #1 0x680008 in ntfs_dir_open_meta /home/glenn/temp/sleuthkit/tsk/fs/ntfs_dent.cpp:1167:17 #2 0x5019cf in tsk_fs_dir_open_meta /home/glenn/temp/sleuthkit/tsk/fs/fs_dir.c:290:14 #3 0x503a02 in tsk_fs_dir_walk_lcl /home/glenn/temp/sleuthkit/tsk/fs/fs_dir.c:556:19 #4 0x50375c in tsk_fs_dir_walk /home/glenn/temp/sleuthkit/tsk/fs/fs_dir.c:817:14 #5 0x4fb072 in tsk_fs_fls /home/glenn/temp/sleuthkit/tsk/fs/fls_lib.c:262:12 #6 0x4efba8 in main /home/glenn/temp/sleuthkit/tools/fstools/fls.cpp:307:9 #7 0x7f91cec5e82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291 #8 0x41a008 in _start (/home/glenn/temp/sleuthkit/results-binaries/fls-sleuthkit-4.6.1+0x41a008) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /home/glenn/temp/sleuthkit/tsk/fs/ntfs_dent.cpp:680:16 in ntfs_fix_idxrec(NTFS_INFO *, ntfs_idxrec*, unsigned int) ==7493==ABORTING
The text was updated successfully, but these errors were encountered:
CVE-2018-11737 was assigned to this issue (not requested by me)
Sorry, something went wrong.
No branches or pull requests
Hey there, I have discovered an unmapped memory access in the sleuth kit at: ntfs_dent.cpp:680:16
Found when fuzzing commit 4efa611.
Compile flags to reproduce:
System information:
This bug was found to be in sleuth kit releases from 4.0.1 up until and including the latest release 4.6.1
You can find a POC that triggers the bug here.
The full ASAN report is shown below:
The text was updated successfully, but these errors were encountered: