GNU bug report logs - #64229
b2sum: heap-overflow in digest_check

Previous Next

Package: coreutils;

Reported by: Frank Busse <f.busse <at> imperial.ac.uk>

Date: Thu, 22 Jun 2023 16:35:02 UTC

Severity: normal

Done: Pádraig Brady <P <at> draigBrady.com>

Bug is archived. No further changes may be made.

Full log

Message #10 received at 64229-done <at> debbugs.gnu.org (full text, mbox):

From: Pádraig Brady <P <at> draigBrady.com>
To: Frank Busse <f.busse <at> imperial.ac.uk>, 64229-done <at> debbugs.gnu.org
Subject: Re: bug#64229: b2sum: heap-overflow in digest_check
Date: Thu, 22 Jun 2023 21:48:28 +0100

[Message part 1 (text/plain, inline)]

On 22/06/2023 17:33, Frank Busse wrote:
> Hi,
> 
> 
> KLEE reported a heap-overflow in b2sum (Coreutils 9.3). When running it
> with:
> 
> $ printf '\n\n0A0BA0' | coreutils-9.3/bin/b2sum -c
> 
> (even '0BA0' seems to work on my machine) ASAN confirms the issue:
> 
>> #1  0x0000000000473de0 in __interceptor_strchr (s=<optimized out>, c=<optimized out>)
>> #2  0x0000000000500a81 in digest_check (checkfile_name=0x7fffffffe69e "stdin") at /tmp/src/coreutils-9.3/src/digest.c:1216
>> #3  0x00000000005005e9 in main (argc=3, argv=0x7fffffffe3a8) at /tmp/src/coreutils-9.3/src/digest.c:1607

Nice one.
I'll push the attached later to fix this.

Marking this as done.

thanks,
Pádraig.

[b2sum-uar-fix.patch (text/x-patch, attachment)]

This bug report was last modified 1 year and 338 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #64229 b2sum: heap-overflow in digest_check

GNU bug report logs - #64229
b2sum: heap-overflow in digest_check