Closed hannob closed 7 years ago
Dear Hanno Böck, you wrote:
Compiling yodl with address sanitizer (-fsanitize=address) shows an invalid memory read in the function queue_push().
Thanks for the bug report. I'll check it out asap.
Cheers,
Frank B. Brokken
Center for Information Technology, University of Groningen
(+31) 50 363 9281
Public PGP key: http://pgp.surfnet.nl
Key Fingerprint: DF32 13DE B156 7732 E65E 3B4D 7DB2 A8BE EAE4 D8AA
Dear Hanno Böck, you wrote:
Compiling yodl with address sanitizer (-fsanitize=address) shows an invalid memory read in the function queue_push().
The problem is caused by copying too many bytes from an existing queue to the enlarged queue.
To fix the problem (it will be fixed in Yodl's next release) you can apply the following patch in the directory src/queue:
--- queuepush.c 2016-02-04 21:59:48.694823071 +0100 +++ /tmp/queuepush.c 2016-02-04 21:59:43.154817125 +0100 @@ -29,8 +29,11 @@
if (extra_length > available_length)
{
size_t original_length = memory_length;
+ /* enlarge the buffer: */ memory_length += extra_length - available_length + BLOCK_QUEUE; + cp = new_memory(memory_length, sizeof(char));
if (message_show(MSG_INFO))
@@ -48,7 +51,7 @@ } else /* q as one block */ {
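Review bot: the second hunk (`@@ -48,7 +51,7 @@`) is shown by its header only, so the one line it changes is not visible here, and in the first hunk `original_length` is saved but nothing visible uses it; the copy from the old queue into `cp` should be bounded by `original_length` (the old allocation), not by the enlarged `memory_length`, which is exactly the over-read the reply describes. Anyone applying the patch from this comment rather than from the linked commit should confirm that copy length, and that the old block is released once `cp` has taken over.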
(Save this file as '/tmp/patch' and run 'patch -p0 < /tmp/patch'.)
I also noticed that the address sanitizer reported several memory leaks. Not nice, and not the way it should be, but probably harder to fix. It'll probably be a while before I've fixed those leaks.
Thanks again for your bug report!
Frank B. Brokken
Center for Information Technology, University of Groningen
(+31) 50 363 9281
Public PGP key: http://pgp.surfnet.nl
Key Fingerprint: DF32 13DE B156 7732 E65E 3B4D 7DB2 A8BE EAE4 D8AA
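To make the mechanism concrete, here is an added example (not yodl's code and not the patch above) of a hypothetical minimal byte queue whose enlargement step mirrors the fix: it saves the old allocation size as original_length and copies only that many bytes into the new block, where copying the enlarged memory_length would read past the old buffer. BLOCK_QUEUE, the Queue layout and queue_selftest are assumptions for this demo.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BLOCK_QUEUE 16  /* growth increment; assumed value for this demo */

typedef struct {
    char *memory;
    size_t memory_length;  /* size of the allocation */
    size_t used;           /* bytes holding data, stored from offset 0 */
} Queue;

void queue_init(Queue *q) {
    q->memory = calloc(BLOCK_QUEUE, sizeof(char));
    if (!q->memory) { perror("calloc"); exit(EXIT_FAILURE); }
    q->memory_length = BLOCK_QUEUE;
    q->used = 0;
}

/* Append extra_length bytes; returns the (possibly enlarged) allocation size. */
size_t queue_push(Queue *q, const char *data, size_t extra_length) {
    size_t available_length = q->memory_length - q->used;
    if (extra_length > available_length) {
        size_t original_length = q->memory_length;   /* old allocation size */
        q->memory_length += extra_length - available_length + BLOCK_QUEUE;
        char *cp = calloc(q->memory_length, sizeof(char));
        if (!cp) { perror("calloc"); exit(EXIT_FAILURE); }
        /* Copy only what the old block holds. Passing the enlarged
         * q->memory_length here would read past the old allocation,
         * which is the kind of invalid read ASan reported in the thread. */
        memcpy(cp, q->memory, original_length);
        free(q->memory);
        q->memory = cp;
    }
    memcpy(q->memory + q->used, data, extra_length);
    q->used += extra_length;
    return q->memory_length;
}

/* Self-check (constructed input): push 10 then 20 bytes, forcing growth;
 * return the final allocation size if the contents survived, 0 otherwise. */
size_t queue_selftest(void) {
    Queue q; queue_init(&q);
    queue_push(&q, "0123456789", 10);
    size_t n = queue_push(&q, "abcdefghijklmnopqrst", 20);
    int ok = q.used == 30 && memcmp(q.memory, "0123456789abcdefghijklmnopqrst", 30) == 0;
    free(q.memory);
    return ok ? n : 0;
}

int main(void) { printf("final allocation: %zu bytes\n", queue_selftest()); return 0; }
```

Building this with -fsanitize=address and changing the memcpy length to q->memory_length reproduces the class of report the thread is about, while the version as written runs clean.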
Invalid memory read addressed by https://github.com/fbb-git/yodl/commit/fd85f8c94182558ff1480d06a236d6fb927979a3
cve requested via webform
CVE-2016-10375
Dear Marcus Meissner, you wrote:
CVE-2016-10375
Thanks for your posts about Yodl. Maybe you can provide a bit more info, like what the problem is you observed, and preferably also a yodl file producing the problem you observed?
I just compiled yodl using Hannob's (Feb 4, 2016) suggestion and got some memory leaks:
=================================================================
==29971==ERROR: LeakSanitizer: detected memory leaks
These are known and will be dealt with in due time (I'll try to squash them in Yodl's upcoming new version, which might be a major upgrade. Working on that right now, but I'm unable to give a realistic estimate as to when it will be available).
--
Frank B. Brokken
Center for Information Technology, University of Groningen
(+31) 50 363 9281
Public PGP key: http://pgp.surfnet.nl
Key Fingerprint: DF32 13DE B156 7732 E65E 3B4D 7DB2 A8BE EAE4 D8AA
CVE-identifiers are assigned for security vulnerabilities:
https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures https://cve.mitre.org/
The memory leaks reported by Hannob on Feb 4, 2016 have been dealt with in Yodl version 3.10.00, which I just uploaded to GitHub. Since the memory read error in queue_push was dealt with in an earlier update (version 3.07.01), the issue reported by Hannob has now been dealt with and therefore I'm closing the issue.
(Just for the record ... CVEs are dictionary entries that reference single security issues and their fixes. The CVE listed is for this specific issue with the invalid memory read that you fixed in 3.07.01.)
all good. :)
Dear Marcus Meissner, you wrote:
(Just for the record ... CVEs are dictionary entries that reference single security issues and their fixes. The CVE listed is for this specific issue with the invalid memory read that you fixed in 3.07.01.)
all good. :)
OK, thx!
--
Frank B. Brokken
Center for Information Technology, University of Groningen
(+31) 50 363 9281
Public PGP key: http://pgp.surfnet.nl
Key Fingerprint: DF32 13DE B156 7732 E65E 3B4D 7DB2 A8BE EAE4 D8AA
Compiling yodl with address sanitizer (-fsanitize=address) shows an invalid memory read in the function queue_push().
I tried to look at the source and find the bug, but I'm not familiar with the code base and was unable to easily determine the reason.
This can be reproduced simply by trying to compile everything with address sanitizer enabled:
CFLAGS="-fsanitize=address -g" LDFLAGS="-fsanitize=address" ./build programs
CFLAGS="-fsanitize=address -g" LDFLAGS="-fsanitize=address" ./build macros
CFLAGS="-fsanitize=address -g" LDFLAGS="-fsanitize=address" ./build man
This was tested with release 3.05.01. The error message from address sanitizer: