Who to contact for security issues #1726

Closed
JamieSlome opened this issue Jun 12, 2022 · 2 comments
@JamieSlome

Hello 👋

I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@sudhackar) has found a potential issue, which I would be eager to share with you.

Could you add a SECURITY.md file with an e-mail address for me to send further details to? GitHub recommends a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future.

Looking forward to hearing from you 👍

(cc @huntr-helper)

@plusvic
Member

plusvic commented Jun 12, 2022 via email

@plusvic
Member

plusvic commented Jun 13, 2022

Added a SECURITY.md file in 4791157.

@plusvic plusvic closed this as completed Jun 13, 2022
wxsBSD added a commit to wxsBSD/yara that referenced this issue Jun 15, 2022
This commit fixes a few crashes in the dex module. There are actually three of
them:

The first is incorrect usage of "struct_fits_in_dex" caused by passing
"sizeof(code_item_t)" instead of just "code_item_t" as the third argument. In
the test case the pointer for code_item started in the bounds of the dex but
only the first 8 bytes were within bounds, and since
"sizeof(sizeof(code_item_t))" is less than 8 the check was passing. The fix here
is to pass just the struct type as the third argument.

The second crash was an off-by-one error when parsing a string. The check
ensured the string fits in the dex but was not including an extra byte which was
copied in the call to set_sized_string. Just like before, this was a case of a
string falling right on the end of a dex file.

The third crash was due to a missing "struct_fits_in_dex" check. We ended up
with a pointer to a map_item_t which was off the ends of the dex bounds.

With this commit all the test cases provided in the report are now passing. I
did a quick sweep of the module to make sure there were no other cases where we
were incorrectly using "struct_fits_in_dex" and didn't find any.

These were all documented at a private report via huntr.dev
(https://huntr.dev/bounties/007a7784-c211-4847-9cc3-aec38e7d5157/)

Found by @sudhackar.

Fixes VirusTotal#1726.
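
The three bounds-check mistakes described in the commit message above, reproduced in a small stand-alone program. This is an added example, not YARA's code and not part of the commit: `range_fits`, `struct_fits`, the 16-byte `code_item_t` layout and the 64-byte buffer are assumptions made for the demonstration, with `struct_fits` standing in for the type-taking `struct_fits_in_dex` check the message names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the 16-byte DEX code_item header; layout assumed for this demo. */
typedef struct {
  uint16_t registers_size, ins_size, outs_size, tries_size;
  uint32_t debug_info_off, insns_size;
} code_item_t;

/* True when the byte range [off, off + len) lies inside a buffer of `size`. */
static int range_fits(size_t size, size_t off, size_t len) {
  return len <= size && off <= size - len;
}

/* Type-taking wrapper (assumed shape): the macro applies sizeof itself. */
#define struct_fits(size, off, type) range_fits((size), (off), sizeof(type))

/* Bug 1: passing sizeof(T) makes the macro test sizeof(size_t) bytes only. */
int code_item_fits_buggy(size_t size, size_t off) {
  return struct_fits(size, off, sizeof(code_item_t));
}
int code_item_fits_fixed(size_t size, size_t off) {
  return struct_fits(size, off, code_item_t);
}

/* Bug 2: the copy takes len + 1 bytes, so the check has to cover len + 1. */
int string_fits_buggy(size_t size, size_t off, size_t len) {
  return range_fits(size, off, len);
}
int string_fits_fixed(size_t size, size_t off, size_t len) {
  return len < SIZE_MAX && range_fits(size, off, len + 1);
}

/* Bug 3 pattern: never form the struct view without the check in front of it. */
int read_code_item(const uint8_t* buf, size_t size, size_t off, code_item_t* out) {
  if (!code_item_fits_fixed(size, off)) return 0;
  memcpy(out, buf + off, sizeof(*out));
  return 1;
}

int main(void) {
  uint8_t dex[64] = {0};                     /* constructed buffer, not a real dex */
  size_t off = sizeof(dex) - sizeof(size_t); /* struct starts inside, ends outside */
  code_item_t ci;
  printf("buggy=%d fixed=%d read=%d\n", code_item_fits_buggy(sizeof(dex), off),
         code_item_fits_fixed(sizeof(dex), off), read_code_item(dex, sizeof(dex), off, &ci));
  printf("string buggy=%d fixed=%d\n", string_fits_buggy(64, 60, 4), string_fits_fixed(64, 60, 4));
  return 0;
}
```

The offset is derived from `sizeof(size_t)` so the buggy check passes on both 32-bit and 64-bit builds while the corrected check rejects the same input.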
plusvic pushed a commit that referenced this issue Jun 15, 2022
* Fix compiler warnings with dex debug mode.

* Fix crashes in dex module.

plusvic pushed a commit that referenced this issue Jun 30, 2022
* Fix compiler warnings with dex debug mode.

* Fix crashes in dex module.
