
Bug report #38

@Sunzyuu

I was recently using fuzzing to conduct security testing on pcapfix and found a bug in pcapfix. The specific information is as follows:

./pcapfix -d pcapfix_poc
pcapfix 1.1.7 (c) 2012-2021 Robert Krause

[*] Reading from file: ./out/default/crashes/id:000086,sig:06,src:000502+000862,time:98788114,op:splice,rep:4
[*] Writing to file: fixed_id:000086,sig:06,src:000502+000862,time:98788114,op:splice,rep:4
[*] File size: 851 bytes.
[+] This is a PCAPNG file.
[-] Invalid Block size => CORRECTED.
[-] Unknown Byte Order Magic: 0x40087 ==> CORRECTED.
[-] Major version number: 0 ==> CORRECTED.
[-] Minor version number: 16 ==> CORRECTED.
[-] Unknown option code: 0xffff (34815 bytes) ==> SKIPPING.
[-] Block size mismatch (0x00000301 != 0x0000016a) ==> CORRECTED.
[-] Found 322 bytes of unknown data ==> SKIPPING.
[*] Progress:  42.54 %
[*] Progress:  44.42 %
[-] Invalid Block size => CORRECTED.
[-] Unknown Byte Order Magic: 0x4e2d2d2d ==> CORRECTED.
[-] Major version number: 25934 ==> CORRECTED.
[-] Minor version number: 6008 ==> CORRECTED.
[-] Unknown option code: 0x1717 (5911 bytes) ==> SKIPPING.
[-] Block size mismatch (0x00171717 != 0x00000033) ==> CORRECTED.
[-] Found 19 bytes of unknown data ==> SKIPPING.
[-] Invalid Block size => CORRECTED.
[-] Unknown Byte Order Magic: 0x4e2d2d2d ==> CORRECTED.
[-] Major version number: 25934 ==> CORRECTED.
[-] Minor version number: 6008 ==> CORRECTED.
[-] Unknown option code: 0x1717 (5911 bytes) ==> SKIPPING.
[-] Block size mismatch (0x17171717 != 0x0000018a) ==> CORRECTED.
[-] Found 362 bytes of unknown data ==> SKIPPING.
[*] Progress:  98.59 %
[-] Invalid Block size => CORRECTED.
=================================================================
==19806==ERROR: AddressSanitizer: requested allocation size 0xfffffffffffffffe (0x800 after adjustments for alignment, red zones etc.) exceeds maximum supported size of 0x10000000000 (thread T0)
    #0 0x49727d in malloc (/work/autofz/github/pcapfix/pcapfix+0x49727d)
    #1 0x4e9710 in fix_pcapng /work/autofz/github/pcapfix/pcapng.c:678:16
    #2 0x4c9af4 in main /work/autofz/github/pcapfix/pcapfix.c
    #3 0x7f18b364483f in __libc_start_main /build/glibc-S7Ft5T/glibc-2.23/csu/../csu/libc-start.c:291

==19806==HINT: if you don't care about these errors you may set allocator_may_return_null=1
SUMMARY: AddressSanitizer: allocation-size-too-big (/work/autofz/github/pcapfix/pcapfix+0x49727d) in malloc
==19806==ABORTING

The PoC that triggers the error is as follows: https://github.com/Sunzyuu/seed/blob/main/pacpfix_poc
I hope my report will be of some help to pcapfix, thank you!
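An added illustration, not pcapfix's code and not a claim about what line 678 of pcapng.c does: the length checks a pcapng block/option parser needs before any computed length reaches malloc(). The sizes and the block layout (12 bytes of block overhead, options as u16 code plus u16 length) are taken from the pcapng format; the sample block, its 28-byte total length and the function names are constructed for this example.

```c
/* Added example (not pcapfix's code): the length checks a pcapng parser must
 * make before handing a length to malloc(). The report above shows malloc()
 * asked for 0xfffffffffffffffe bytes, the size_t value of -2, which is what an
 * unsigned subtraction produces when the subtrahend is larger. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define BLOCK_OVERHEAD 12u  /* block_type + block_total_length + trailing block_total_length */

/* Unchecked arithmetic for contrast: body_len 0, consumed 2 -> SIZE_MAX - 1 (0xfffffffffffffffe on 64-bit). */
size_t naive_remaining(uint32_t body_len, uint32_t consumed) {
    return (size_t)body_len - consumed;
}

/* Read block_total_length (little-endian host assumed) and check it against
 * the bytes actually present. Returns the body length or -1. */
long checked_block_body_len(const uint8_t *buf, size_t avail) {
    uint32_t total;
    if (avail < BLOCK_OVERHEAD) return -1;
    memcpy(&total, buf + 4, sizeof total);
    if (total < BLOCK_OVERHEAD || total % 4 != 0) return -1; /* impossible lengths */
    if (total > avail) return -1;        /* block claims more bytes than the file has */
    return (long)(total - BLOCK_OVERHEAD);
}

/* Check one option header (u16 code, u16 length) at `off` within a body of
 * `body_len` bytes. Returns the 32-bit-padded option length or -1. */
long checked_option_len(const uint8_t *body, size_t body_len, size_t off) {
    uint16_t len;
    if (off > body_len || body_len - off < 4) return -1;   /* no room for the header */
    memcpy(&len, body + off + 2, sizeof len);
    size_t padded = ((size_t)len + 3) & ~(size_t)3;
    if (padded > body_len - off - 4) return -1;            /* option runs past the block */
    return (long)padded;
}

/* Constructed 28-byte block: valid total_length, but its first option carries
 * the code/length pair from the report (0xffff, 34815 bytes). */
static void build_sample(uint8_t blk[28]) {
    memset(blk, 0, 28);
    blk[4] = 28;                                  /* block_total_length */
    blk[8] = 0xff; blk[9] = 0xff;                 /* option code 0xffff */
    blk[10] = 0xff; blk[11] = 0x87;               /* option length 34815 */
    blk[24] = 28;                                 /* trailing block_total_length */
}
long sample_body_len(void)   { uint8_t b[28]; build_sample(b); return checked_block_body_len(b, 28); }
long sample_option_len(void) { uint8_t b[28]; build_sample(b); return checked_option_len(b + 8, 16, 0); }
long sample_oversized(void)  { uint8_t b[28]; build_sample(b); b[4] = 0x01; b[5] = 0x03; return checked_block_body_len(b, 28); }
```

The oversized case uses the 0x00000301 total length that the report shows mismatching a 0x0000016a block; the checked functions reject it and the bad option instead of computing a length to allocate.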
