Project

General

Profile

Actions
Copy link

Bug #3593

closed

Stack overflow when parsing ERF file

Added by Fakhri Zulkifli over 4 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Jason Ish
Target version:
6.0.0beta1
Affected Versions:
6.0.0beta1
Effort:
Difficulty:
low
Label:

Description

Despite the low possibility of potential threat. The unchecked rlen in ReadErfRecord function will cause a stack overflow when the value assigned is below sizeof(DagRecord).

    int rlen = SCNtohs(dr.rlen);
    int wlen = SCNtohs(dr.wlen);
    r = fread(GET_PKT_DATA(p), rlen - sizeof(DagRecord), 1, etv->erf);
    if (r < 1) {

Files

poc.erf (4 KB) poc.erf Fakhri Zulkifli, 04/03/2020 10:39 AM
Actions
Copy link
 #1

Updated by Jason Ish over 4 years ago

  • Status changed from New to Assigned
  • Assignee set to Jason Ish
Actions
Copy link
 #2

Updated by Jason Ish over 4 years ago

  • Status changed from Assigned to In Review
Actions
Copy link
 #3

Updated by Jason Ish over 4 years ago

  • Status changed from In Review to Closed
  • Target version set to 6.0.0beta1
Actions
Copy link

Also available in: Atom PDF