Rup0rt / pcapfix

repair corrupted pcap files
http://f00l.de/pcapfix/
GNU General Public License v3.0

Bug report #38

Open Sunzyuu opened 2 months ago

Sunzyuu commented 2 months ago

I was recently using fuzzing to conduct security testing on pcapfix, and found a bug in pcapfix. The specific information is as follows:

./pcapfix -d pcapfix_poc
pcapfix 1.1.7 (c) 2012-2021 Robert Krause

[*] Reading from file: ./out/default/crashes/id:000086,sig:06,src:000502+000862,time:98788114,op:splice,rep:4
[*] Writing to file: fixed_id:000086,sig:06,src:000502+000862,time:98788114,op:splice,rep:4
[*] File size: 851 bytes.
[+] This is a PCAPNG file.
[-] Invalid Block size => CORRECTED.
[-] Unknown Byte Order Magic: 0x40087 ==> CORRECTED.
[-] Major version number: 0 ==> CORRECTED.
[-] Minor version number: 16 ==> CORRECTED.
[-] Unknown option code: 0xffff (34815 bytes) ==> SKIPPING.
[-] Block size mismatch (0x00000301 != 0x0000016a) ==> CORRECTED.
[-] Found 322 bytes of unknown data ==> SKIPPING.
[*] Progress:  42.54 %
[*] Progress:  44.42 %
[-] Invalid Block size => CORRECTED.
[-] Unknown Byte Order Magic: 0x4e2d2d2d ==> CORRECTED.
[-] Major version number: 25934 ==> CORRECTED.
[-] Minor version number: 6008 ==> CORRECTED.
[-] Unknown option code: 0x1717 (5911 bytes) ==> SKIPPING.
[-] Block size mismatch (0x00171717 != 0x00000033) ==> CORRECTED.
[-] Found 19 bytes of unknown data ==> SKIPPING.
[-] Invalid Block size => CORRECTED.
[-] Unknown Byte Order Magic: 0x4e2d2d2d ==> CORRECTED.
[-] Major version number: 25934 ==> CORRECTED.
[-] Minor version number: 6008 ==> CORRECTED.
[-] Unknown option code: 0x1717 (5911 bytes) ==> SKIPPING.
[-] Block size mismatch (0x17171717 != 0x0000018a) ==> CORRECTED.
[-] Found 362 bytes of unknown data ==> SKIPPING.
[*] Progress:  98.59 %
[-] Invalid Block size => CORRECTED.
=================================================================
==19806==ERROR: AddressSanitizer: requested allocation size 0xfffffffffffffffe (0x800 after adjustments for alignment, red zones etc.) exceeds maximum supported size of 0x10000000000 (thread T0)
    #0 0x49727d in malloc (/work/autofz/github/pcapfix/pcapfix+0x49727d)
    #1 0x4e9710 in fix_pcapng /work/autofz/github/pcapfix/pcapng.c:678:16
    #2 0x4c9af4 in main /work/autofz/github/pcapfix/pcapfix.c
    #3 0x7f18b364483f in __libc_start_main /build/glibc-S7Ft5T/glibc-2.23/csu/../csu/libc-start.c:291

==19806==HINT: if you don't care about these errors you may set allocator_may_return_null=1
SUMMARY: AddressSanitizer: allocation-size-too-big (/work/autofz/github/pcapfix/pcapfix+0x49727d) in malloc
==19806==ABORTING

The poc that triggers the error is as follows: https://github.com/Sunzyuu/seed/blob/main/pacpfix_poc

I hope my report will be of some help to pcapfix, thank you!

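As an added example (not pcapfix's own code), an unchecked and a checked derivation of a block body size from the pcapng Block Total Length field, showing how a malloc request of 0xfffffffffffffffe bytes, i.e. (size_t)-2 on a 64-bit build, arises when a length below the 12-byte header minimum is subtracted without validation. The trace above does not show the arithmetic at pcapng.c:678, so tying the request to that field is an assumption, as are the sample blocks and the 16 MiB cap.

```c
#include <stdint.h>
#include <stddef.h>

/* A pcapng block is: Block Type (4) | Block Total Length (4) | body |
 * Block Total Length again (4). The smallest valid block is 12 bytes and
 * the spec requires Block Total Length to be a multiple of 4. */
#define PCAPNG_BLOCK_MIN 12u
#define PCAPNG_BLOCK_MAX (16u * 1024u * 1024u)  /* hypothetical sanity cap */

/* Little-endian read; pcapng byte order is set by the SHB magic, and LE is
 * assumed here for the constructed samples. */
static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Unchecked derivation (assumed bug shape): a total length below 12 wraps
 * the subtraction, e.g. 10 - 12 becomes (size_t)-2 = 0xfffffffffffffffe,
 * which is the request AddressSanitizer rejected in the report. */
size_t body_size_unchecked(uint32_t total_length) {
    return (size_t)total_length - PCAPNG_BLOCK_MIN;
}

/* Checked derivation: body length on success, -1 if the header is
 * implausible (too short, over the cap, misaligned, or past end of input).
 * Validating before allocating means no wrapped size ever reaches malloc. */
long body_size_checked(const uint8_t *buf, size_t remaining) {
    if (remaining < PCAPNG_BLOCK_MIN) return -1;
    uint32_t total = rd_le32(buf + 4);
    if (total < PCAPNG_BLOCK_MIN || total > PCAPNG_BLOCK_MAX) return -1;
    if (total % 4 != 0 || total > remaining) return -1;
    return (long)(total - PCAPNG_BLOCK_MIN);
}

/* Constructed samples: a Section Header Block with total length 28
 * (16-byte body), and a block whose length field claims only 10 bytes. */
const uint8_t sample_good[28] = {
    0x0a, 0x0d, 0x0d, 0x0a,  28, 0, 0, 0,         /* type, total length  */
    0x4d, 0x3c, 0x2b, 0x1a,  1, 0,  0, 0,         /* magic, major, minor */
    0xff, 0xff, 0xff, 0xff,  0xff, 0xff, 0xff, 0xff, /* section length   */
    28, 0, 0, 0 };                                /* trailing length     */
const uint8_t sample_short[12] = {
    0x0a, 0x0d, 0x0d, 0x0a,  10, 0, 0, 0,  0, 0, 0, 0 };
```
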
Rup0rt commented 1 month ago

DUP of issue #28