ntlm: silence ubsan warning about copying from null target_info pointer. #4

Merged: nmoinvaz merged 1 commit into snxd-7_84_0 from nathan/ntlm-target-info-snxd on Nov 12, 2022

@nmoinvaz

```
runtime error: null pointer passed as argument 2, which is declared to never be null

#0 0xe7909c in Curl_ntlm_core_mk_ntlmv2_resp curl/lib/curl_ntlm_core.c:661:3
```

@nmoinvaz nmoinvaz requested a review from sergio-nsk November 12, 2022 00:46
@nmoinvaz nmoinvaz added the sanitizer fix Sanitizer warning fix label Nov 12, 2022
@nmoinvaz nmoinvaz enabled auto-merge (rebase) November 12, 2022 00:46
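
The UBSan report above is raised when `memcpy` is handed a null source pointer. The following is an added example, not code from curl or from this pull request, showing the usual guard for an optional trailing buffer; `struct ntlm_state`, `build_blob`, `blob_len` and `BLOB_HDR_LEN` are hypothetical names and the 28-byte header size is a constructed value.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the NTLM state; only these two fields matter. */
struct ntlm_state {
  const uint8_t *target_info; /* may be NULL when the server sent none */
  size_t target_info_len;     /* expected to be 0 when target_info is NULL */
};

#define BLOB_HDR_LEN 28 /* constructed fixed-size header, left zero-filled */

/* Build header + optional target_info. Returns a malloc'd buffer or NULL. */
uint8_t *build_blob(const struct ntlm_state *st, size_t *out_len)
{
  size_t len;
  uint8_t *buf;

  /* Inconsistent input: a length with no buffer to read from. */
  if(!st->target_info && st->target_info_len)
    return NULL;
  /* A length that would wrap the allocation size. */
  if(st->target_info_len > SIZE_MAX - BLOB_HDR_LEN)
    return NULL;

  len = BLOB_HDR_LEN + st->target_info_len;
  buf = calloc(1, len);
  if(!buf)
    return NULL;

  /* C11 7.24.1p2 requires valid pointers even when n is 0, so
     memcpy(dst, NULL, 0) is undefined and UBSan flags it as
     "null pointer passed as argument 2". Skip the call when empty. */
  if(st->target_info_len)
    memcpy(buf + BLOB_HDR_LEN, st->target_info, st->target_info_len);

  *out_len = len;
  return buf;
}

/* Wrapper for checks: resulting blob length, or 0 on rejection. */
size_t blob_len(const uint8_t *ti, size_t n)
{
  struct ntlm_state st = { ti, n };
  size_t len = 0;
  free(build_blob(&st, &len));
  return len;
}
```

Building with `-fsanitize=undefined` and calling `blob_len(NULL, 0)` stays silent with the guard in place; removing the `if` brings the report back on libcs that declare the `memcpy` parameters nonnull.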
@nmoinvaz
Author

@sergio-nsk if you approve, I can make a PR for curl/curl.

@sergio-nsk sergio-nsk left a comment

Do you care about the UB warning?

@nmoinvaz nmoinvaz merged commit 65b0f0a into snxd-7_84_0 Nov 12, 2022
@nmoinvaz nmoinvaz deleted the nathan/ntlm-target-info-snxd branch November 12, 2022 02:51
@nmoinvaz
Author

I just want to remove the warning from the logs.

sergio-nsk added a commit that referenced this pull request Jul 31, 2023
Further `u->path = Curl_memdup(path, pathlen + 1);` accesses bytes after the null-terminator.
```
==2676==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x04d48c75 at pc 0x0112708a bp 0x006fb7e0 sp 0x006fb3c4
READ of size 78 at 0x04d48c75 thread T0
    #0 0x1127089 in __asan_wrap_memcpy D:\a\_work\1\s\src\vctools\asan\llvm\compiler-rt\lib\sanitizer_common\sanitizer_common_interceptors.inc:840
    #1 0x1891a0e in Curl_memdup C:\actions-runner\_work\client\client\third_party\curl\lib\strdup.c:97
    #2 0x18db4b0 in parseurl C:\actions-runner\_work\client\client\third_party\curl\lib\urlapi.c:1297
    #3 0x18db819 in parseurl_and_replace C:\actions-runner\_work\client\client\third_party\curl\lib\urlapi.c:1342
    #4 0x18d6e39 in curl_url_set C:\actions-runner\_work\client\client\third_party\curl\lib\urlapi.c:1790
    #5 0x1877d3e in parseurlandfillconn C:\actions-runner\_work\client\client\third_party\curl\lib\url.c:1768
    #6 0x1871acf in create_conn C:\actions-runner\_work\client\client\third_party\curl\lib\url.c:3403
    #7 0x186d8dc in Curl_connect C:\actions-runner\_work\client\client\third_party\curl\lib\url.c:3888
    #8 0x1856b78 in multi_runsingle C:\actions-runner\_work\client\client\third_party\curl\lib\multi.c:1982
    #9 0x18531e3 in curl_multi_perform C:\actions-runner\_work\client\client\third_party\curl\lib\multi.c:2756
```
nmoinvaz pushed a commit that referenced this pull request Aug 8, 2023
`u->path = Curl_memdup(path, pathlen + 1);` accesses bytes after the null-terminator.

Closes curl#11560