gamelinux / passivedns

A network sniffer that logs all DNS server replies for use in a passive DNS setup
http://gamelinux.org/

Stack overflow in parse_ip4 resulting in segfault #121

Open geeknik opened 3 years ago

geeknik commented 3 years ago

Hi, with passivedns built from commit 3f387d, we can trigger a segfault with a stack overflow in the parse_ip4 routine.

$ ./passivedns -r stack_overflow_parse_ip4.pcap

[*] PassiveDNS 1.2.1
[*] By Edward Bjarte Fjellskål <edward.fjellskaal@gmail.com>
[*] Using libpcap version 1.9.1 (with TPACKET_V3)
[*] Using ldns version 1.7.0
[*] Reading from file stack_overflow_parse_ip4.pcap

UndefinedBehaviorSanitizer:DEADLYSIGNAL
==522174==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffd825caf98 (pc 0x000000426bcc bp 0x7ffd825cb0d0 sp 0x7ffd825cafa0 T522174)
    #0 0x426bcc in parse_ip4 (/root/passivedns/src/passivedns+0x426bcc)
    #1 0x426e5c in parse_ip4 (/root/passivedns/src/passivedns+0x426e5c)
    #2 0x426e5c in parse_ip4 (/root/passivedns/src/passivedns+0x426e5c)
    #3 0x426e5c in parse_ip4 (/root/passivedns/src/passivedns+0x426e5c)
    #4 0x426e5c in parse_ip4 (/root/passivedns/src/passivedns+0x426e5c)
    #5 0x426e5c in parse_ip4 (/root/passivedns/src/passivedns+0x426e5c)
    **SNIP**
    #245 0x426e5c in parse_ip4 (/root/passivedns/src/passivedns+0x426e5c)
    #246 0x426e5c in parse_ip4 (/root/passivedns/src/passivedns+0x426e5c)
    #247 0x426e5c in parse_ip4 (/root/passivedns/src/passivedns+0x426e5c)
    #248 0x426e5c in parse_ip4 (/root/passivedns/src/passivedns+0x426e5c)
    #249 0x426e5c in parse_ip4 (/root/passivedns/src/passivedns+0x426e5c)
    #250 0x426e5c in parse_ip4 (/root/passivedns/src/passivedns+0x426e5c)

SUMMARY: UndefinedBehaviorSanitizer: stack-overflow (/root/passivedns/src/passivedns+0x426bcc) in parse_ip4
==522174==ABORTING

gamelinux commented 3 years ago

Can you share the pcap?
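
One way to keep a self-recursive header decoder from exhausting the stack, as an added example that is not passivedns code and not part of this issue. It assumes the repeated parse_ip4 frames come from the decoder re-entering itself for a nested IPv4 header, which the report does not confirm; `decode_ip4`, `build_nested`, `decode_layers` and `MAX_ENCAP_DEPTH` are hypothetical names, and the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_ENCAP_DEPTH 4   /* assumed policy limit, not a passivedns setting */
#define PROTO_IPIP 4        /* IANA protocol number for IPv4-in-IPv4 */

enum decode_rc { DEC_OK = 0, DEC_TRUNCATED = -1, DEC_BAD_HEADER = -2, DEC_TOO_DEEP = -3 };

/* Hypothetical decoder: walks IPv4 headers, re-entering itself for an inner
 * IPv4 header. *proto receives the innermost protocol number on success. */
static int decode_ip4(const uint8_t *p, size_t len, unsigned depth, uint8_t *proto)
{
    if (depth > MAX_ENCAP_DEPTH) return DEC_TOO_DEEP;   /* bound the recursion */
    if (len < 20) return DEC_TRUNCATED;                 /* minimal IPv4 header */
    if ((p[0] >> 4) != 4) return DEC_BAD_HEADER;        /* version field */
    size_t hlen = (size_t)(p[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len) return DEC_BAD_HEADER; /* must advance, stay in buffer */
    if (p[9] == PROTO_IPIP)
        return decode_ip4(p + hlen, len - hlen, depth + 1, proto);
    *proto = p[9];
    return DEC_OK;
}

/* Constructed sample input: `layers` minimal IPv4 headers, each but the last
 * marked as carrying IPv4, the last marked as UDP (17). Returns bytes written. */
static size_t build_nested(uint8_t *buf, size_t cap, unsigned layers)
{
    size_t off = 0;
    for (unsigned i = 0; i < layers && off + 20 <= cap; i++, off += 20) {
        memset(buf + off, 0, 20);
        buf[off] = 0x45;                                  /* version 4, IHL 5 */
        buf[off + 9] = (i + 1 < layers) ? PROTO_IPIP : 17;
    }
    return off;
}

/* Build `layers` nested headers and decode them; returns the decoder's result. */
static int decode_layers(unsigned layers)
{
    uint8_t buf[2048], proto = 0;
    return decode_ip4(buf, build_nested(buf, sizeof buf, layers), 0, &proto);
}

int main(void)
{
    return (decode_layers(3) == DEC_OK && decode_layers(100) == DEC_TOO_DEEP) ? 0 : 1;
}
```

The depth check bounds stack use regardless of input, and the `hlen` check ensures each level consumes bytes, so a malformed header cannot make the decoder re-enter on the same data.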