[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: TFTP client crash seems to be caused by missing bounds check in make
From: |
Erik Auerswald |
Subject: |
Re: TFTP client crash seems to be caused by missing bounds check in makeargv() |
Date: |
Wed, 7 Sep 2022 18:47:59 +0200 |
Hi Simon,
On Tue, Sep 06, 2022 at 08:05:04PM +0200, Simon Josefsson wrote:
> Erik Auerswald <auerswal@unix-ag.uni-kl.de> writes:
> > On 04.09.22 17:34, Erik Auerswald wrote:
> >> On 03.09.22 19:07, Erik Auerswald wrote:
> >>> On Sat, Sep 03, 2022 at 05:39:45PM +0200, Simon Josefsson wrote:
> >>>> [...]
> >>>> did you notice some fuzzing report that wasn't fixed?
> >>> [...]
> >>> * Problems found in tftp (the code did not change since the report):
> >>>
> >>> * Untrusted Pointer Dereference in getcmd() at
> >>> inetutils/src/tftp.c:878
> >>>
> >>> https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00018.html
> >> That seems to be a missing bounds check in makeargv(), similar
> >> to the old, now fixed, code in telnet.
> >> I'll look into creating a nice reproducer instead of the one
> >> found by the fuzzer, adding a test case, and fixing the bug.
> >
> > That is harder than expected…. Is there a reason *not* to use
> > the crash input found by the fuzzer in a test for GNU Inetutils?
>
> More testing would be great!
I expect to find the time to finalize this during the coming weekend.
I intend to use perl to write the fuzzer-generated test input provided
by AiDai into the tftp client, similar to the telnet tests you have
added for the respective crash bugs.
After adding the test case I intend to commit the attached patch for tftp.
What do you think?
Thanks,
Erik
0001-tftp-ignore-excess-arguments.patch
Description: Text Data
- Re: [PATCH 3/3] telnet: Avoid command evaluation crashes., (continued)
- Re: [PATCH 3/3] telnet: Avoid command evaluation crashes., Simon Josefsson, 2022/09/02
- Re: [PATCH 3/3] telnet: Avoid command evaluation crashes., Erik Auerswald, 2022/09/03
- Re: [PATCH 3/3] telnet: Avoid command evaluation crashes., Simon Josefsson, 2022/09/03
- Re: [PATCH 3/3] telnet: Avoid command evaluation crashes., Erik Auerswald, 2022/09/03
- Re: [PATCH 3/3] telnet: Avoid command evaluation crashes., Guillem Jover, 2022/09/03
- Re: [PATCH 3/3] telnet: Avoid command evaluation crashes., Erik Auerswald, 2022/09/04
- Re: [PATCH 3/3] telnet: Avoid command evaluation crashes., Simon Josefsson, 2022/09/06
- TFTP client crash seems to be caused by missing bounds check in makeargv(), Erik Auerswald, 2022/09/04
- Re: TFTP client crash seems to be caused by missing bounds check in makeargv(), Erik Auerswald, 2022/09/04
- Re: TFTP client crash seems to be caused by missing bounds check in makeargv(), Simon Josefsson, 2022/09/06
- Re: TFTP client crash seems to be caused by missing bounds check in makeargv(),
Erik Auerswald <=
- Re: TFTP client crash seems to be caused by missing bounds check in makeargv(), Simon Josefsson, 2022/09/08
- How to check for perl or usable printf tools?, Erik Auerswald, 2022/09/11
- Re: How to check for perl or usable printf tools?, Simon Josefsson, 2022/09/12
- Re: How to check for perl or usable printf tools?, Alfred M. Szmidt, 2022/09/12
- Re: How to check for perl or usable printf tools?, Erik Auerswald, 2022/09/12
- Re: How to check for perl or usable printf tools?, Erik Auerswald, 2022/09/17
- Re: How to check for perl or usable printf tools?, Simon Josefsson, 2022/09/25
- Re: How to check for perl or usable printf tools?, Erik Auerswald, 2022/09/25
- Re: How to check for perl or usable printf tools?, Erik Auerswald, 2022/09/25
- Re: How to check for perl or usable printf tools?, Simon Josefsson, 2022/09/25