davetroy / astmanproxy

Asterisk Manager Proxy

Buffer overflow upon GET connection #2

Open jmkgreen opened 15 years ago

jmkgreen commented 15 years ago

Using latest from trunk on Intel 64bit Ubuntu 9.04:

    Jul 17 10:59:09: is_encrypted: 0
    Jul 17 10:59:09: Connection received from 127.0.0.1
    Jul 17 10:59:09: Set 127.0.0.1 input format to http
    Jul 17 10:59:09: Set 127.0.0.1 output format to xml
    Jul 17 10:59:09: res=0, line:
    Jul 17 10:59:09: res=1, line: GET /?Action=ShowChannels&ActionID=foo HTTP/1.0
    Jul 17 10:59:09: Got http: GET /?Action=ShowChannels&ActionID=foo HTTP/1.0
    * buffer overflow detected *: astmanproxy terminated
    ======= Backtrace: =========
    /lib/libc.so.6(__fortify_fail+0x37)[0x7ff4a8a2d2c7]
    /lib/libc.so.6[0x7ff4a8a2b170]
    /usr/lib/astmanproxy/modules/http.so(_read+0x346)[0x7ff4a7b83626]
    astmanproxy(session_do+0x8a)[0x40585a]
    /lib/libpthread.so.0[0x7ff4a8ca73ba]
    /lib/libc.so.6(clone+0x6d)[0x7ff4a8a13fcd]
    Aborted

xionod commented 11 years ago

I also have the same error on Ubuntu x64; this patch fixes it (http.c):

---if ( strlen(line) > 14 && (tmp = strcasestr(line, " HTTP")) ) { +++if ( strlen(line) > 14 && (tmp = strstr(line, " HTTP/1.1")) ) {
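
Review bot: the new match string " HTTP/1.1" on the `+++` line no longer matches the request in the original report, which ends in " HTTP/1.0", so for that client the branch is skipped rather than made safe, and the switch from `strcasestr` to `strstr` also makes the match case-sensitive. The abort in the backtrace comes from a fortified libc call inside `_read` in http.so, so the fix belongs at that copy: bound its length by the size of the destination buffer and reject request lines that do not fit. If both protocol versions should be accepted, match on " HTTP/" and validate the version separately. It is also worth checking that http.c has a declaration of `strcasestr` in scope (it is a GNU extension that needs `_GNU_SOURCE` defined before `<string.h>`); without one, a 64-bit build truncates the returned pointer to `int`, which would explain why `strstr` behaves differently here.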