GNU bug report logs - #64229
b2sum: heap-overflow in digest_check

Package: coreutils

Reported by: Frank Busse <f.busse <at> imperial.ac.uk>

Date: Thu, 22 Jun 2023 16:35:02 UTC

Severity: normal

Done: Pádraig Brady <P <at> draigBrady.com>

Bug is archived. No further changes may be made.


Report forwarded to bug-coreutils <at> gnu.org:
bug#64229; Package coreutils. (Thu, 22 Jun 2023 16:35:02 GMT)

Acknowledgement sent to Frank Busse <f.busse <at> imperial.ac.uk>:
New bug report received and forwarded. Copy sent to bug-coreutils <at> gnu.org. (Thu, 22 Jun 2023 16:35:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Frank Busse <f.busse <at> imperial.ac.uk>
To: bug-coreutils <at> gnu.org
Subject: b2sum: heap-overflow in digest_check
Date: Thu, 22 Jun 2023 17:33:40 +0100

Hi,


KLEE reported a heap-overflow in b2sum (Coreutils 9.3). When running it
with:

$ printf '\n\n0A0BA0' | coreutils-9.3/bin/b2sum -c

(even '0BA0' seems to work on my machine) ASAN confirms the issue:

> #1  0x0000000000473de0 in __interceptor_strchr (s=<optimized out>, c=<optimized out>)
> #2  0x0000000000500a81 in digest_check (checkfile_name=0x7fffffffe69e "stdin") at /tmp/src/coreutils-9.3/src/digest.c:1216
> #3  0x00000000005005e9 in main (argc=3, argv=0x7fffffffe3a8) at /tmp/src/coreutils-9.3/src/digest.c:1607


Best,

Frank




Reply sent to Pádraig Brady <P <at> draigBrady.com>:
You have taken responsibility. (Thu, 22 Jun 2023 20:49:02 GMT)

Notification sent to Frank Busse <f.busse <at> imperial.ac.uk>:
bug acknowledged by developer. (Thu, 22 Jun 2023 20:49:02 GMT)

Message #10 received at 64229-done <at> debbugs.gnu.org:

From: Pádraig Brady <P <at> draigBrady.com>
To: Frank Busse <f.busse <at> imperial.ac.uk>, 64229-done <at> debbugs.gnu.org
Subject: Re: bug#64229: b2sum: heap-overflow in digest_check
Date: Thu, 22 Jun 2023 21:48:28 +0100

On 22/06/2023 17:33, Frank Busse wrote:
> Hi,
> 
> 
> KLEE reported a heap-overflow in b2sum (Coreutils 9.3). When running it
> with:
> 
> $ printf '\n\n0A0BA0' | coreutils-9.3/bin/b2sum -c
> 
> (even '0BA0' seems to work on my machine) ASAN confirms the issue:
> 
>> #1  0x0000000000473de0 in __interceptor_strchr (s=<optimized out>, c=<optimized out>)
>> #2  0x0000000000500a81 in digest_check (checkfile_name=0x7fffffffe69e "stdin") at /tmp/src/coreutils-9.3/src/digest.c:1216
>> #3  0x00000000005005e9 in main (argc=3, argv=0x7fffffffe3a8) at /tmp/src/coreutils-9.3/src/digest.c:1607

Nice one.
I'll push the attached later to fix this.

Marking this as done.

thanks,
Pádraig.
[b2sum-uar-fix.patch (text/x-patch, attachment)]

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Fri, 21 Jul 2023 11:24:06 GMT)

This bug report was last modified 1 year and 338 days ago.
