
Stack-overflow on libinjection_html5 #1820

Closed
IvanNardi opened this issue Dec 7, 2022 · 2 comments · Fixed by #1918

Comments

@IvanNardi
Collaborator

IvanNardi commented Dec 7, 2022

Describe the bug

The attached artifact triggers a stack overflow using fuzz_process_packet

nDPI Environment

  • OS name: Ubuntu
  • OS version: 20.04
  • Architecture: x86_64
  • nDPI version or commit hash: current dev, ada4fe4
  • nDPI compilation flags used: --enable-fuzztargets --with-sanitizer

How to reproduce the reported bug

./autogen.sh --enable-fuzztargets --with-sanitizer && make -j -s
[...]
./fuzz/fuzz_process_packet crash-4c33132208ee28c207353aff0b3fcaa381dd0a4d
[...]
AddressSanitizer:DEADLYSIGNAL
=================================================================
==46275==ERROR: AddressSanitizer: stack-overflow on address 0x7ffcf1a1ffc8 (pc 0x5652d97515a6 bp 0x7ffcf1a20100 sp 0x7ffcf1a1ffd0 T0)
    #0 0x5652d97515a6 in h5_state_self_closing_start_tag /home/ivan/svnrepos/nDPI/src/lib/third_party/src/libinjection_html5.c:596:16
    #1 0x5652d9745250 in h5_state_before_attribute_name /home/ivan/svnrepos/nDPI/src/lib/third_party/src/libinjection_html5.c:333:16
    #2 0x5652d97515aa in h5_state_self_closing_start_tag /home/ivan/svnrepos/nDPI/src/lib/third_party/src/libinjection_html5.c:596:16
    #3 0x5652d9745250 in h5_state_before_attribute_name /home/ivan/svnrepos/nDPI/src/lib/third_party/src/libinjection_html5.c:333:16
    #4 0x5652d97515aa in h5_state_self_closing_start_tag /home/ivan/svnrepos/nDPI/src/lib/third_party/src/libinjection_html5.c:596:16
    #5 0x5652d9745250 in h5_state_before_attribute_name /home/ivan/svnrepos/nDPI/src/lib/third_party/src/libinjection_html5.c:333:16
    #6 0x5652d97515aa in h5_state_self_closing_start_tag /home/ivan/svnrepos/nDPI/src/lib/third_party/src/libinjection_html5.c:596:16
    #7 0x5652d9745250 in h5_state_before_attribute_name /home/ivan/svnrepos/nDPI/src/lib/third_party/src/libinjection_html5.c:333:16
    #8 0x5652d97515aa in h5_state_self_closing_start_tag /home/ivan/svnrepos/nDPI/src/lib/third_party/src/libinjection_html5.c:596:16
    #9 0x5652d9745250 in h5_state_before_attribute_name /home/ivan/svnrepos/nDPI/src/lib/third_party/src/libinjection_html5.c:333:16
    #10 0x5652d97515aa in h5_state_self_closing_start_tag /home/ivan/svnrepos/nDPI/src/lib/third_party/src/libinjection_html5.c:596:16
    #11 0x5652d9745250 in h5_state_before_attribute_name /home/ivan/svnrepos/nDPI/src/lib/third_party/src/libinjection_html5.c:333:16
    #12 0x5652d97515aa in h5_state_self_closing_start_tag /home/ivan/svnrepos/nDPI/src/lib/third_party/src/libinjection_html5.c:596:16
    #13 0x5652d9745250 in h5_state_before_attribute_name /home/ivan/svnrepos/nDPI/src/lib/third_party/src/libinjection_html5.c:333:16
    #14 0x5652d97515aa in h5_state_self_closing_start_tag /home/ivan/svnrepos/nDPI/src/lib/third_party/src/libinjection_html5.c:596:16

crash-4c33132208ee28c207353aff0b3fcaa381dd0a4d.zip
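The trace above is two tokenizer state handlers calling each other until the stack is exhausted. The following is an added, constructed C model of that failure class, not libinjection's code: two states that hand control back and forth without consuming input, a `fixed` flag for the assumed defect (the fallback path leaving `pos` on the `/`), and an iterative driver with a progress check that reports the loop instead of overflowing the stack. Names (`run_tag_tail`, `S_STUCK`) and the tag-fragment grammar are assumptions for the illustration.

```c
#include <stddef.h>
/* Constructed model of two HTML5-tokenizer states (not libinjection's code). */
typedef enum { S_BEFORE_ATTR_NAME, S_SELF_CLOSING, S_ATTR_NAME, S_DONE, S_STUCK } state_t;
typedef struct { const char *buf; size_t len; size_t pos; } tok_t;

/* before_attribute_name: '/' hands off to self_closing, '>' ends the tag. */
static state_t before_attr_name(tok_t *t) {
    if (t->pos >= t->len) return S_DONE;
    switch (t->buf[t->pos]) {
    case '/': return S_SELF_CLOSING;            /* the '/' is consumed by the callee */
    case '>': t->pos++; return S_DONE;
    case ' ': t->pos++; return S_BEFORE_ATTR_NAME;
    default:  return S_ATTR_NAME;
    }
}

/* self_closing_start_tag: "/>" ends the tag; anything else falls back to
 * before_attribute_name. Assumed defect: the fallback leaves pos on the '/',
 * so the two states ping-pong; as direct calls that is unbounded recursion. */
static state_t self_closing(tok_t *t, int fixed) {
    t->pos++;                                   /* step past the '/' */
    if (t->pos < t->len && t->buf[t->pos] == '>') { t->pos++; return S_DONE; }
    if (!fixed) t->pos--;                       /* buggy: back onto the '/' */
    return S_BEFORE_ATTR_NAME;
}

static state_t attr_name(tok_t *t) {
    while (t->pos < t->len && t->buf[t->pos] != ' ' &&
           t->buf[t->pos] != '/' && t->buf[t->pos] != '>')
        t->pos++;
    return S_BEFORE_ATTR_NAME;
}

/* Iterative driver instead of recursion: the stack cannot overflow, and a
 * progress check turns a ping-pong between states into a hard error. */
state_t run_tag_tail(const char *buf, size_t len, int fixed) {
    tok_t t = { buf, len, 0 };
    state_t st = S_BEFORE_ATTR_NAME;
    size_t last = 0; int stalls = 0;
    while (st != S_DONE) {
        if (st == S_BEFORE_ATTR_NAME) st = before_attr_name(&t);
        else if (st == S_SELF_CLOSING) st = self_closing(&t, fixed);
        else st = attr_name(&t);
        if (t.pos == last) { if (++stalls > 4) return S_STUCK; }
        else { stalls = 0; last = t.pos; }
    }
    return S_DONE;
}
```

With the buggy handler, the constructed input `" / x"` (a `/` not followed by `>`) is reported as `S_STUCK` rather than crashing; with the fixed handler it tokenizes to `S_DONE`.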

@IvanNardi
Collaborator Author

The bug report is now public: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54113

@IvanNardi
Collaborator Author

Ongoing discussion on upstream: libinjection/libinjection#33

IvanNardi added a commit to IvanNardi/nDPI that referenced this issue Mar 27, 2023
Update libinjection code to the current master libinjection/libinjection@7e4b74e

The goal is to finally fix ntop#1820
See: libinjection/libinjection#33

Close ntop#1820
IvanNardi added a commit to IvanNardi/nDPI that referenced this issue Apr 2, 2023
Update libinjection code to the current master libinjection/libinjection@7e4b74e

The goal is to finally fix ntop#1820
See: libinjection/libinjection#33

Update the corpus of the libinjection fuzzers

Close ntop#1820
IvanNardi added a commit that referenced this issue Apr 4, 2023
Update libinjection code to the current master libinjection/libinjection@7e4b74e

The goal is to finally fix #1820
See: libinjection/libinjection#33

Update the corpus of the libinjection fuzzers

Close #1820