Security #5623
Closed
smtp/base64: crash / memory corruption
Git IDs:
f80c999db320aa60570b4e04846bd7beeed96cd6
Severity:
CRITICAL
Disclosure Date:
Description
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52608&q=proj%3Dsuricata&can=2
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52627&q=proj%3Dsuricata&can=2
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52638&q=proj%3Dsuricata&can=2
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52590&q=proj%3Dsuricata&can=2
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52584&q=proj%3Dsuricata&can=2
We need to check if this also affects 6.0.8.
Updated by Victor Julien about 3 years ago
Related?
In file included from /usr/include/string.h:535,
from suricata-common.h:97,
from util-decode-mime.c:26:
In function ‘memcpy’,
inlined from ‘ProcessBase64Remainder’ at util-decode-mime.c:1211:13:
/usr/include/riscv64-linux-gnu/bits/string_fortified.h:29:10: warning: ‘__builtin_memcpy’ forming offset 4 is out of the bounds [0, 4] of object ‘block’ with type ‘uint8_t[4]’ {aka ‘unsigned char[4]’} [-Warray-bounds]
29 | return __builtin___memcpy_chk (__dest, __src, __len,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
30 | __glibc_objsize0 (__dest));
| ~~~~~~~~~~~~~~~~~~~~~~~~~~
util-decode-mime.c: In function ‘ProcessBase64Remainder’:
util-decode-mime.c:1184:13: note: ‘block’ declared here
1184 | uint8_t block[B64_BLOCK];
| ^~~~~
Updated by Shivani Bhardwaj about 3 years ago
- Status changed from Assigned to In Review
- Affected Versions 6.0.8, 7.0.0-beta1 added
- Label Needs backport to 6.0 added
Updated by Shivani Bhardwaj about 3 years ago
Victor Julien wrote in #note-1:
Related?
[...]
It could be a similar issue. Yes. Do you get this warning on 7.0.0-beta1? I added -Warray-bounds to the CFLAGS but didn't get this.
Updated by Victor Julien about 3 years ago
- Severity changed from MODERATE to CRITICAL
Updated by Victor Julien about 3 years ago
- Label deleted (Needs backport to 6.0)
Updated by Victor Julien almost 3 years ago
- Status changed from In Review to Closed
- Git IDs updated (diff)