Actions
Security #5623
closedsmtp/base64: crash / memory corruption
Git IDs:
f80c999db320aa60570b4e04846bd7beeed96cd6
Severity:
CRITICAL
Disclosure Date:
Description
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52608&q=proj%3Dsuricata&can=2
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52627&q=proj%3Dsuricata&can=2
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52638&q=proj%3Dsuricata&can=2
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52590&q=proj%3Dsuricata&can=2
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52584&q=proj%3Dsuricata&can=2
We need to check if this also affects 6.0.8.
Updated by Victor Julien over 1 year ago
Related?
In file included from /usr/include/string.h:535,
from suricata-common.h:97,
from util-decode-mime.c:26:
In function ‘memcpy’,
inlined from ‘ProcessBase64Remainder’ at util-decode-mime.c:1211:13:
/usr/include/riscv64-linux-gnu/bits/string_fortified.h:29:10: warning: ‘__builtin_memcpy’ forming offset 4 is out of the bounds [0, 4] of object ‘block’ with type ‘uint8_t[4]’ {aka ‘unsigned char[4]’} [-Warray-bounds]
29 | return __builtin___memcpy_chk (__dest, __src, __len,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
30 | __glibc_objsize0 (__dest));
| ~~~~~~~~~~~~~~~~~~~~~~~~~~
util-decode-mime.c: In function ‘ProcessBase64Remainder’:
util-decode-mime.c:1184:13: note: ‘block’ declared here
1184 | uint8_t block[B64_BLOCK];
| ^~~~~
Updated by Shivani Bhardwaj over 1 year ago
- Status changed from Assigned to In Review
- Affected Versions 6.0.8, 7.0.0-beta1 added
- Label Needs backport to 6.0 added
Updated by Shivani Bhardwaj over 1 year ago
Victor Julien wrote in #note-1:
Related?
[...]
It could be a similar issue. Yes. Do you get this warning on 7.0.0-beta1? I added -Warray-bounds to the CFLAGS but didn't get this..
Updated by Victor Julien over 1 year ago
- Severity changed from MODERATE to CRITICAL
Updated by Victor Julien over 1 year ago
- Status changed from In Review to Closed
- Git IDs updated (diff)
Actions