Bug #3570: rfb: invalid AppLayerResult use - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #3570

closed

rfb: invalid AppLayerResult use

Added by Victor Julien about 4 years ago. Updated about 4 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Sascha Steinbiss

Target version:

6.0.0beta1

Affected Versions:

Effort:

Difficulty:

Label:

Description

Oss-Fuzz found some input to the RFB parser that triggers the (currently very unforgiving) checks on AppLayerResult.

fuzz_applayerparserparse: app-layer-parser.c:1268: AppLayerParserParse: Assertion `!(res.needed + res.consumed < input_len)' failed.

(gdb) f 4
#4  0x000055555594bc4e in AppLayerParserParse (tv=0x0, alp_tctx=0x61a00025bc80, f=0x613000555e40, alproto=24, flags=10 '\n', input=0x6020003eefd0 "\377\377\377\377", input_len=4) at app-layer-parser.c:1268
1268                BUG_ON(res.needed + res.consumed < input_len);
(gdb) p res
$1 = {status = 1, consumed = 0, needed = 3}

To reproduce:

./src/fuzz_applayerparserparse ~/Downloads/clusterfuzz-testcase-minimized-fuzz_applayerparserparse-5148616533737472

Compile with '--enable-fuzztargets'.

Files

clusterfuzz-testcase-minimized-fuzz_applayerparserparse-5148616533737472 (51 Bytes) clusterfuzz-testcase-minimized-fuzz_applayerparserparse-5148616533737472

Victor Julien, 03/29/2020 03:27 PM

Actions

Copy link

Updated by Sascha Steinbiss about 4 years ago

Fix proposed in https://github.com/OISF/suricata/pull/4748

Actions

Copy link

Updated by Victor Julien about 4 years ago

Status changed from Assigned to Closed

Oss-Fuzz issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21447

Fixed by: https://github.com/OISF/suricata/commit/713c379427c43aa9be9be1dcf7c3ed79a91cab94

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #3570

rfb: invalid AppLayerResult use

Updated by Sascha Steinbiss about 4 years ago

Updated by Victor Julien about 4 years ago