Bug #7028

closed

base64: heap buffer overflow in RFC 2045 and 4648 modes

Added by Shivani Bhardwaj about 1 year ago. Updated 7 days ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

==1489==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x502000001011 at pc 0x55c62ca3889c bp 0x7ffe79abb030 sp 0x7ffe79abb028
WRITE of size 1 at 0x502000001011 thread T0 (Suricata-Main)
SCARINESS: 31 (1-byte-write-heap-buffer-overflow)
    #0 0x55c62ca3889b in DecodeBase64Block /src/suricata/src/util-base64.c:93:14
    #1 0x55c62ca3889b in DecodeBase64RFC2045 /src/suricata/src/util-base64.c:147:13
    #2 0x55c62ca3889b in DecodeBase64 /src/suricata/src/util-base64.c:293:19
    #3 0x55c62ca16ced in Base64FuzzTest /src/suricata/src/tests/fuzz/fuzz_decodebase64.c:27:9
    #4 0x55c62ca16ced in LLVMFuzzerTestOneInput /src/suricata/src/tests/fuzz/fuzz_decodebase64.c:49:5
    #5 0x55c62c8c94c0 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13
    #6 0x55c62c8c8ce5 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:516:7
    #7 0x55c62c8ca4b5 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:760:19
    #8 0x55c62c8cb2a5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile>>&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:905:5
    #9 0x55c62c8b95b6 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:914:6
    #10 0x55c62c8e5ae2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #11 0x7f056a61b082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 87b331c034a6458c64ce09c03939e947212e18ce)
    #12 0x55c62c8aa72d in _start (build-out/fuzz_decodebase64+0x198372d)
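The report above is a one-byte write past the end of a heap buffer inside the block decoder, reached from the RFC 2045 path. The C decoder below is an added example, not Suricata's util-base64.c and not its API (b64_decode, b64_emit_block and b64_check are hypothetical names chosen here), showing the two guards a practitioner wants in such code: the destination capacity is checked before every block write, and the consumed-byte count is derived the same way in strict RFC 4648 mode and in whitespace-skipping RFC 2045 mode. The inputs in main() are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 4648 rejects any byte outside the alphabet; RFC 2045 (MIME) skips it. */
typedef enum { B64_MODE_RFC4648, B64_MODE_RFC2045 } b64_mode;
typedef enum { B64_OK, B64_INVALID_INPUT, B64_DEST_TOO_SMALL } b64_status;

static int b64_value(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Emit the nsym-1 bytes encoded by nsym (2..4) symbols. The capacity check runs
 * before any write; skipping it is what lets a block decode write one byte past
 * the end of a heap buffer. Returns bytes written, or -1 if the block does not fit. */
static int b64_emit_block(const int sym[4], int nsym, uint8_t *dst, size_t dst_cap) {
    int nbytes = nsym - 1;
    if ((size_t)nbytes > dst_cap) return -1;
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) v = (v << 6) | (i < nsym ? (uint32_t)sym[i] : 0u);
    if (nbytes >= 1) dst[0] = (uint8_t)(v >> 16);
    if (nbytes >= 2) dst[1] = (uint8_t)(v >> 8);
    if (nbytes >= 3) dst[2] = (uint8_t)v;
    return nbytes;
}

/* Decode src into dst (at most dst_cap bytes). *consumed is the number of input
 * bytes fully processed, *decoded the bytes written. When a block does not fit,
 * *consumed points at that block's first symbol so a caller can grow dst and
 * resume; the rule is the same in both modes. */
b64_status b64_decode(const uint8_t *src, size_t src_len, b64_mode mode,
                      uint8_t *dst, size_t dst_cap, size_t *consumed, size_t *decoded) {
    int sym[4], nsym = 0, n;
    size_t out = 0, i = 0, block_start = 0;

    for (; i < src_len; i++) {
        unsigned char c = src[i];
        if (c == '=') break;                          /* padding ends the data */
        int v = b64_value(c);
        if (v < 0) {
            if (mode == B64_MODE_RFC2045) continue;   /* MIME: skip the byte */
            *consumed = i; *decoded = out;
            return B64_INVALID_INPUT;                 /* strict: reject */
        }
        if (nsym == 0) block_start = i;
        sym[nsym++] = v;
        if (nsym == 4) {
            n = b64_emit_block(sym, 4, dst + out, dst_cap - out);
            if (n < 0) { *consumed = block_start; *decoded = out; return B64_DEST_TOO_SMALL; }
            out += (size_t)n;
            nsym = 0;
        }
    }
    if (nsym == 1) {                                  /* one symbol cannot form a byte */
        *consumed = block_start; *decoded = out;
        return B64_INVALID_INPUT;
    }
    if (nsym >= 2) {                                  /* trailing partial block */
        n = b64_emit_block(sym, nsym, dst + out, dst_cap - out);
        if (n < 0) { *consumed = block_start; *decoded = out; return B64_DEST_TOO_SMALL; }
        out += (size_t)n;
    }
    while (i < src_len && src[i] == '=') i++;         /* swallow padding */
    *consumed = i; *decoded = out;
    return B64_OK;
}

/* Decode one input and compare status, consumed count and output (cap <= 64). */
int b64_check(const char *in, b64_mode mode, size_t cap,
              b64_status want_st, size_t want_consumed, const char *want_out) {
    uint8_t dst[64] = {0};
    size_t consumed = 0, decoded = 0;
    b64_status st = b64_decode((const uint8_t *)in, strlen(in), mode, dst, cap,
                               &consumed, &decoded);
    return st == want_st && consumed == want_consumed &&
           decoded == strlen(want_out) && memcmp(dst, want_out, decoded) == 0;
}

int main(void) {
    /* Constructed inputs: "SGVsbG8=" is "Hello"; the second carries a MIME line break. */
    printf("strict ok:      %d\n", b64_check("SGVsbG8=", B64_MODE_RFC4648, 16, B64_OK, 8, "Hello"));
    printf("strict rejects: %d\n", b64_check("SGVs\r\nbG8=", B64_MODE_RFC4648, 16, B64_INVALID_INPUT, 4, "Hel"));
    printf("mime skips:     %d\n", b64_check("SGVs\r\nbG8=", B64_MODE_RFC2045, 16, B64_OK, 10, "Hello"));
    printf("dest too small: %d\n", b64_check("SGVsbG8=", B64_MODE_RFC2045, 3, B64_DEST_TOO_SMALL, 4, "Hel"));
    return 0;
}
```

The "dest too small" case is the shape of the report above: a 3-byte destination holds the first block exactly, and the trailing block is refused instead of written past the end, with consumed left at the start of the unfitted block in both modes.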

Related issues 2 (0 open, 2 closed)

Related to Suricata - Security #6902: base64: off-by-three overflow in DecodeBase64() (Closed, Philippe Antoine)
Related to Suricata - Bug #6964: base64: consumed bytes are incorrectly set for different modes (Closed, Shivani Bhardwaj)
#1

Updated by Philippe Antoine about 1 year ago

  • Status changed from Assigned to In Review
#2

Updated by Philippe Antoine about 1 year ago

  • Subject changed from base64: heap buffer overflow in RFC 2045 mode to base64: heap buffer overflow in RFC 2045 and 4648 modes
#3

Updated by Philippe Antoine about 1 year ago

Only in master, no need to backport

#4

Updated by Philippe Antoine about 1 year ago

  • Related to Security #6902: base64: off-by-three overflow in DecodeBase64() added
#5

Updated by Philippe Antoine about 1 year ago

  • Related to Bug #6964: base64: consumed bytes are incorrectly set for different modes added
#6

Updated by Philippe Antoine about 1 year ago

This is a resurgence of #6902 reintroduced by the commits of #6964

#7

Updated by Shivani Bhardwaj about 1 year ago

  • Status changed from In Review to Closed
#8

Updated by Jason Ish 7 days ago

  • Private changed from Yes to No