Steps to build with ASan:
./autogen.sh
CC=gcc CXX=g++ CFLAGS="-fsanitize=address" CXXFLAGS="-fsanitize=address" ./configure
make
To run the ytnef ELF directly, the dynamic loader must be able to find the freshly built libytnef. One way is to add the build directory to the system loader path:
1. sudo gedit /etc/ld.so.conf.d/my.conf
2. add /path/to/ytnef/lib/.libs/
3. sudo ldconfig
(Note that this makes every process on the system that links libytnef pick up the instrumented build; remove the entry afterwards. For a single run, setting LD_LIBRARY_PATH=/path/to/ytnef/lib/.libs in front of the command below has the same effect without touching the system-wide configuration.)
Run as:
/path/to/ytnef/ytnef/.libs/ytnef /path/to/poc
The ASan-instrumented ytnef build reports:
ERROR: invalid alloc size 260 at ytnef.c : 307, suspected corruption (exceeded 100 bytes)
=================================================================
==335384==ERROR: AddressSanitizer: attempting double-free on 0x602000000030 in thread T0:
#0 0x7f89f9c777cf in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
#1 0x7f89f9b4dd69 in TNEFFree (/home/r00t/fuzz/target/ytnef/lib/.libs/libytnef.so.0+0xdd69)
#2 0x563599c05092 in main (/home/r00t/fuzz/target/ytnef/ytnef/.libs/ytnef+0x6092)
#3 0x7f89f99750b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
#4 0x563599c0472d in _start (/home/r00t/fuzz/target/ytnef/ytnef/.libs/ytnef+0x572d)
0x602000000030 is located 0 bytes inside of 5-byte region [0x602000000030,0x602000000035)
freed by thread T0 here:
#0 0x7f89f9c777cf in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
#1 0x7f89f9b46825 in TNEFSubjectHandler (/home/r00t/fuzz/target/ytnef/lib/.libs/libytnef.so.0+0x6825)
#2 0x7f89f9b509fd in TNEFParse (/home/r00t/fuzz/target/ytnef/lib/.libs/libytnef.so.0+0x109fd)
#3 0x7f89f9b4f477 in TNEFParseFile (/home/r00t/fuzz/target/ytnef/lib/.libs/libytnef.so.0+0xf477)
#4 0x563599c04f8f in main (/home/r00t/fuzz/target/ytnef/ytnef/.libs/ytnef+0x5f8f)
#5 0x7f89f99750b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
previously allocated by thread T0 here:
#0 0x7f89f9c77dc6 in calloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10ddc6)
#1 0x7f89f9b4687a in TNEFSubjectHandler (/home/r00t/fuzz/target/ytnef/lib/.libs/libytnef.so.0+0x687a)
#2 0x7f89f9b509fd in TNEFParse (/home/r00t/fuzz/target/ytnef/lib/.libs/libytnef.so.0+0x109fd)
#3 0x7f89f9b4f477 in TNEFParseFile (/home/r00t/fuzz/target/ytnef/lib/.libs/libytnef.so.0+0xf477)
#4 0x563599c04f8f in main (/home/r00t/fuzz/target/ytnef/ytnef/.libs/ytnef+0x5f8f)
#5 0x7f89f99750b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
SUMMARY: AddressSanitizer: double-free (/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf) in __interceptor_free
==335384==ABORTING
Hi,
There is a double-free issue in ytnef; it reproduces on the latest commit.
Project Github Address:
https://github.com/Yeraze/ytnef
Steps To Reproduce: see the build and run steps and the ASan report above.
Reporter:
5n1p3r0010 from Topsec Alpha Lab
ytnef-double_free1.zip
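The ASan report above says the 5-byte buffer was calloc'd and freed inside TNEFSubjectHandler and then freed a second time by TNEFFree: a handler released memory owned by the parser state without clearing the owning pointer, so the generic cleanup routine freed it again. The C below is an added illustration of that ownership pattern and of the usual fix; it was written for this note and is not ytnef's code. The struct, field and function names, the constructed attribute payloads and the "string attribute must end in NUL" rule are assumptions chosen only to mirror the frame names in the trace.

```c
/* Added illustration of the double-free pattern behind a
 * "freed in <handler>, freed again in <cleanup>" ASan report.
 * Hypothetical code, NOT ytnef's source: names mirror the trace only. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the parser state; only the one owned field the trace points at. */
typedef struct {
    char *subject;
} DemoTNEF;

/* Constructed attribute payloads (assumed rule: a string attribute carries its
 * NUL terminator as the last byte). GOOD_ATTR is 5 bytes, like the region in the report. */
static const unsigned char GOOD_ATTR[] = { 't', 'e', 's', 't', '\0' };
static const unsigned char BAD_ATTR[]  = { 't', 'e', 's', 't', 'x' };

int attr_is_valid(const unsigned char *data, size_t size) {
    return size > 0 && data[size - 1] == '\0';
}

/* Buggy handler: allocates, copies, then on the rejection path frees the buffer
 * but leaves t->subject dangling. The later generic cleanup frees it again. */
int subject_handler_unsafe(DemoTNEF *t, const unsigned char *data, size_t size) {
    t->subject = calloc(size, 1);            /* allocation site in the report */
    if (t->subject == NULL) return -1;
    memcpy(t->subject, data, size);
    if (!attr_is_valid(data, size)) {
        free(t->subject);                    /* first free, inside the handler */
        return -1;                           /* t->subject still points at freed memory */
    }
    return 0;
}

void tnef_free_unsafe(DemoTNEF *t) {
    free(t->subject);                        /* second free: "attempting double-free" */
}

/* Fixed handler: validate before allocating, build the value in a local, and
 * only hand ownership to the struct once it is complete. A repeated attribute
 * releases the previous value, so nothing leaks either. */
int subject_handler_safe(DemoTNEF *t, const unsigned char *data, size_t size) {
    if (!attr_is_valid(data, size)) return -1;
    char *buf = calloc(size, 1);
    if (buf == NULL) return -1;
    memcpy(buf, data, size);
    free(t->subject);
    t->subject = buf;
    return 0;
}

/* Fixed cleanup: free-and-NULL makes cleanup idempotent (free(NULL) is a no-op). */
void tnef_free_safe(DemoTNEF *t) {
    free(t->subject);
    t->subject = NULL;
}

/* Fixed path on the rejecting input: returns 1 when the handler refused the
 * attribute and cleanup, run twice on purpose, left the field NULL. */
int demo_safe_path(void) {
    DemoTNEF t = { NULL };
    int rc = subject_handler_safe(&t, BAD_ATTR, sizeof BAD_ATTR);
    tnef_free_safe(&t);
    tnef_free_safe(&t);
    return rc == -1 && t.subject == NULL;
}

/* Fixed path on valid input: returns 1 when the terminated attribute is stored
 * intact, a repeat replaces it, and cleanup clears the field. */
int demo_safe_accepts(void) {
    DemoTNEF t = { NULL };
    int ok = subject_handler_safe(&t, GOOD_ATTR, sizeof GOOD_ATTR) == 0
          && strcmp(t.subject, "test") == 0
          && subject_handler_safe(&t, GOOD_ATTR, sizeof GOOD_ATTR) == 0;
    tnef_free_safe(&t);
    return ok && t.subject == NULL;
}

int main(void) {
    printf("fixed path, rejecting input: %s\n", demo_safe_path() ? "clean" : "BUG");
    printf("fixed path, valid input:     %s\n", demo_safe_accepts() ? "clean" : "BUG");
#ifdef DEMO_UNSAFE
    /* Only compiled in on request; under ASan this aborts with a double-free
     * report whose two stacks have the same shape as the one in this issue. */
    DemoTNEF u = { NULL };
    subject_handler_unsafe(&u, BAD_ATTR, sizeof BAD_ATTR);
    tnef_free_unsafe(&u);
#endif
    return 0;
}
```

Build the fixed path with `cc -g -fsanitize=address demo.c`, and add `-DDEMO_UNSAFE` to watch ASan flag the buggy path. Adding `-g` to CFLAGS in the reproduction steps does the same for ytnef itself: ASan then prints file and line for each frame instead of the unsymbolized `libytnef.so.0+0x...` offsets shown in the report above, which makes locating the two free() sites immediate.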