Re: Heap-based Buffer Overflow in logger
From: Simon Josefsson
Subject: Re: Heap-based Buffer Overflow in logger
Date: Thu, 07 Jul 2022 23:49:30 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)

AiDai <wyxaidai@gmail.com> writes:

> 0x60c00000003f is located 1 bytes to the left of 120-byte region

Nice catch! Reproducing it is easy:

    jas@latte:~/src/inetutils$ valgrind src/logger -s ''
    ...
    ==339979== Invalid read of size 1
    ==339979== at 0x10AA71: send_to_syslog (logger.c:329)
    ==339979== by 0x10A5CD: main (logger.c:504)
    ==339979== Address 0x4a343ef is 1 bytes before a block of size 1 alloc'd
    ==339979== at 0x483877F: malloc (vg_replace_malloc.c:307)
    ==339979== by 0x10CB08: xmalloc (xmalloc.c:44)
    ==339979== by 0x10A57D: main (logger.c:494)

Writing a self-check for it is harder though, since the tool doesn't
crash.

Fixed by this patch:

https://git.savannah.gnu.org/gitweb/?p=inetutils.git;a=commitdiff;h=8e0df0e80b156a09ff361050bac38bbdcda03aef

/Simon
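
Added example, not part of the original message and not inetutils code: one way to get a self-check for a read that lands one byte before a buffer without crashing is to place the buffer directly after an inaccessible page, so the stray read faults in a child process. The function names are hypothetical, and the msg[len - 1] shape of the read is an assumption that is merely consistent with the valgrind trace above.

```c
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-ins. The unguarded form reads msg[len - 1] even when
   len == 0, which is one byte before the start of the buffer. */
static int ends_with_nl_unguarded(const char *msg, size_t len)
{
    return ((const volatile char *) msg)[len - 1] == '\n';
}

static int ends_with_nl_guarded(const char *msg, size_t len)
{
    return len > 0 && msg[len - 1] == '\n';
}

/* Buffer whose first byte sits directly after a PROT_NONE page. */
static char *guard_page_buffer(void)
{
    size_t pg = (size_t) sysconf(_SC_PAGESIZE);
    char *base = mmap(NULL, 2 * pg, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED || mprotect(base, pg, PROT_NONE) != 0)
        return NULL;
    return base + pg;
}

/* Run fn on an empty message in a child process. Returns 0 if the child
   finished cleanly, 1 if it was killed or exited non-zero, -1 on error. */
static int faults_on_empty(int (*fn)(const char *, size_t))
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *msg = guard_page_buffer();
        if (msg == NULL)
            _exit(2);
        msg[0] = '\0';              /* constructed input: the '' argument */
        (void) fn(msg, strlen(msg));
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return !(WIFEXITED(status) && WEXITSTATUS(status) == 0);
}
```

The child is counted as failed on any abnormal end, so the check also holds when a sanitizer turns the fault into a non-zero exit instead of a signal.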