View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0003991 | GNUnet | peerinfo service | public | 2015-09-24 17:45 | 2018-06-07 00:24 |
Reporter | Bart Polot | Assigned To | Christian Grothoff | ||
Priority | normal | Severity | crash | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | Git master | ||||
Target Version | 0.11.0pre66 | Fixed in Version | 0.11.0pre66 | ||
Summary | 0003991: Peerinfo crashes on buffer overflow | ||||
Description | gcc -fsanitize=address reports: | ||||

```
=================================================================
==22177==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffd3153e49f at pc 0x7f74f99fed25 bp 0x7ffd3152e1e0 sp 0x7ffd3152d988
READ of size 51472 at 0x7ffd3153e49f thread T0
    #0 0x7f74f99fed24 in __asan_memcpy /build/gcc/src/gcc-5.2.0/libsanitizer/asan/asan_interceptors.cc:367
    #1 0x7f74f976b161 in GNUNET_HELLO_iterate_addresses /home/bart/g/src/hello/hello.c:307
    #2 0x40338a in read_host_file /home/bart/g/src/peerinfo/gnunet-service-peerinfo.c:383
    #3 0x403ebe in add_host_to_known_hosts /home/bart/g/src/peerinfo/gnunet-service-peerinfo.c:481
    #4 0x4071fc in handle_hello /home/bart/g/src/peerinfo/gnunet-service-peerinfo.c:1074
    #5 0x7f74f92cc360 in GNUNET_SERVER_inject /home/bart/g/src/util/server.c:997
    #6 0x7f74f92cda3f in client_message_tokenizer_callback /home/bart/g/src/util/server.c:1256
    #7 0x7f74f92d2150 in GNUNET_SERVER_mst_receive /home/bart/g/src/util/server_mst.c:221
    #8 0x7f74f92cc816 in process_mst /home/bart/g/src/util/server.c:1073
    #9 0x7f74f92cd4c2 in process_incoming /home/bart/g/src/util/server.c:1191
    #10 0x7f74f9266251 in receive_ready /home/bart/g/src/util/connection.c:1156
    #11 0x7f74f92c4596 in run_ready /home/bart/g/src/util/scheduler.c:587
    #12 0x7f74f92c5279 in GNUNET_SCHEDULER_run /home/bart/g/src/util/scheduler.c:868
    #13 0x7f74f92df389 in GNUNET_SERVICE_run /home/bart/g/src/util/service.c:1503
    #14 0x408c13 in main /home/bart/g/src/peerinfo/gnunet-service-peerinfo.c:1396
    #15 0x7f74f7eec60f in __libc_start_main (/usr/lib/libc.so.6+0x2060f)
    #16 0x4024a8 in _start (/tmp/bartgnunet/lib/gnunet/libexec/gnunet-service-peerinfo+0x4024a8)

Address 0x7ffd3153e49f is located in stack of thread T0 at offset 65695 in frame
    #0 0x402d5a in read_host_file /home/bart/g/src/peerinfo/gnunet-service-peerinfo.c:329

  This frame has 3 object(s):
    [32, 36) 'left'
    [96, 104) 'now'
    [160, 65695) 'buffer' <== Memory access at offset 65695 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /build/gcc/src/gcc-5.2.0/libsanitizer/asan/asan_interceptors.cc:367 __asan_memcpy
Shadow bytes around the buggy address:
  0x10002629fc40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10002629fc50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10002629fc60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10002629fc70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10002629fc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10002629fc90: 00 00 00[07]f3 f3 f3 f3 00 00 00 00 00 00 00 00
  0x10002629fca0: 00 00 00 00 f1 f1 f1 f1 00 00 f4 f4 f3 f3 f3 f3
  0x10002629fcb0: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
  0x10002629fcc0: 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00
  0x10002629fcd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10002629fce0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==22177==ABORTING
```

Steps To Reproduce | Run a peer | ||||
Tags | No tags attached. | ||||
related to | 0003911 | closed | Bart Polot | Peerinfo doesn't get the correct addresses. |
Date Modified | Username | Field | Change |
---|---|---|---|
2015-09-24 17:45 | Bart Polot | New Issue | |
2015-09-24 17:45 | Bart Polot | Relationship added | related to 0003911 |
2015-09-24 17:57 | Bart Polot | Reproducibility | sometimes => always |
2015-09-24 17:57 | Bart Polot | Summary | Peerinfo crashes => Peerinfo crashes on buffer overflow |
2015-09-24 17:57 | Bart Polot | Steps to Reproduce Updated | |
2015-10-02 16:52 | Christian Grothoff | Note Added: 0009679 | |
2015-10-02 16:52 | Christian Grothoff | Status | new => resolved |
2015-10-02 16:52 | Christian Grothoff | Fixed in Version | => 0.11.0pre66 |
2015-10-02 16:52 | Christian Grothoff | Resolution | open => fixed |
2015-10-02 16:52 | Christian Grothoff | Assigned To | => Christian Grothoff |
2018-06-07 00:24 | Christian Grothoff | Status | resolved => closed |