Security #5623

closed

smtp/base64: crash / memory corruption

Added by Victor Julien about 2 years ago. Updated about 2 years ago.

Status: Closed
Priority: Normal
Target version:
Affected Versions:
Label:
CVE:
Git IDs: f80c999db320aa60570b4e04846bd7beeed96cd6
Severity: CRITICAL
Disclosure Date:


Subtasks: 1 (0 open, 1 closed)

Security #5694: smtp/base64: crash / memory corruption (6.0.x backport) - Closed - Victor Julien

#1

Updated by Victor Julien about 2 years ago

Related?

In file included from /usr/include/string.h:535,
                 from suricata-common.h:97,
                 from util-decode-mime.c:26:
In function ‘memcpy’,
    inlined from ‘ProcessBase64Remainder’ at util-decode-mime.c:1211:13:
/usr/include/riscv64-linux-gnu/bits/string_fortified.h:29:10: warning: ‘__builtin_memcpy’ forming offset 4 is out of the bounds [0, 4] of object ‘block’ with type ‘uint8_t[4]’ {aka ‘unsigned char[4]’} [-Warray-bounds]
   29 |   return __builtin___memcpy_chk (__dest, __src, __len,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   30 |                                  __glibc_objsize0 (__dest));
      |                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~
util-decode-mime.c: In function ‘ProcessBase64Remainder’:
util-decode-mime.c:1184:13: note: ‘block’ declared here
 1184 |     uint8_t block[B64_BLOCK];
      |             ^~~~~

#2

Updated by Shivani Bhardwaj about 2 years ago

  • Status changed from Assigned to In Review
  • Affected Versions 6.0.8, 7.0.0-beta1 added
  • Label Needs backport to 6.0 added

#3

Updated by Shivani Bhardwaj about 2 years ago

Victor Julien wrote in #note-1:

Related?
[...]

It could be a similar issue. Yes. Do you get this warning on 7.0.0-beta1? I added -Warray-bounds to the CFLAGS but didn't get this.

#5

Updated by Victor Julien about 2 years ago

  • Subtask #5694 added

#6

Updated by Victor Julien about 2 years ago

  • Severity changed from MODERATE to CRITICAL

#7

Updated by Victor Julien about 2 years ago

  • Label deleted (Needs backport to 6.0)

#9

Updated by Victor Julien about 2 years ago

  • Private changed from Yes to No