Skip to content

[CVE-2021-46141] .hostText memory is not properly duped/freed in uriNormalizeSyntax*, uriMakeOwner*, uriFreeUriMembers* for some URIs #121

Closed
@autofuzzoss

Description

@autofuzzoss

A bug was found within the uriparser. Though it might not be an intended use of the relevant API, the bug can still produce critical issues within a program using uriparser. It would be best if the affected logic is checked beforehand.
The bug was found with a fuzzer based on the test-code"TestNormalizeSyntaxMaskRequired"

_crash log

==2151==ERROR: AddressSanitizer: SEGV on unknown address 0x0000004d9be0 (pc 0x00000041ca94 bp 0x000000000000 sp 0x7fff34437d00 T0)
==2151==The signal is caused by a WRITE memory access.
    #0 0x41ca94 in __asan::Allocator::Deallocate(void*, unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType)
    #1 0x493d41 in free 
    #2 0x4c6892 in (anonymous namespace)::countingFree(UriMemoryManagerStruct*, void*)
    #3 0x7fca1c05a4b2 in uriNormalizeSyntaxExMmA_ 

Steps to reproduce:

  1. git clone https://github.com/uriparser/uriparser.git
  2. cd uriparser & mkdir build & cd build
  3. Build
    cmake -DCMAKE_BUILD_TYPE=Release -DURIPARSER_BUILD_DOCS:BOOL=OFF -DBUILD_SHARED_LIBS:BOOL=ON ..
    make -j8
  4. Download the attached file(1.cpp)
  5. Build TEST CODE (1.cpp)
    clang++ -g -fsanitize=address,fuzzer-no-link -o 1 1.cpp -I uriparser/include/ -Luriparser/build -luriparser
  6. Run
    LD_LIBRARY_PATH=uriparser/build/ ./1

OS:ubuntu 18.04
uriparser_poc1.tar.gz

Metadata

Metadata

Assignees

Labels

bugSomething isn't workingsecurity

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions