GNU bug report logs - #64229
b2sum: heap-overflow in digest_check

Previous Next

Package: coreutils;

Reported by: Frank Busse <f.busse <at> imperial.ac.uk>

Date: Thu, 22 Jun 2023 16:35:02 UTC

Severity: normal

Done: Pádraig Brady <P <at> draigBrady.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Pádraig Brady <P <at> draigBrady.com>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#64229: closed (b2sum: heap-overflow in digest_check)
Date: Thu, 22 Jun 2023 20:49:02 +0000

[Message part 1 (text/plain, inline)]
Your message dated Thu, 22 Jun 2023 21:48:28 +0100
with message-id <11a8d10b-6e65-a36e-68c0-9198d845243e <at> draigBrady.com>
and subject line Re: bug#64229: b2sum: heap-overflow in digest_check
has caused the debbugs.gnu.org bug report #64229,
regarding b2sum: heap-overflow in digest_check
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
64229: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=64229
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Frank Busse <f.busse <at> imperial.ac.uk>
To: bug-coreutils <at> gnu.org
Subject: b2sum: heap-overflow in digest_check
Date: Thu, 22 Jun 2023 17:33:40 +0100

Hi,


KLEE reported a heap-overflow in b2sum (Coreutils 9.3). When running it
with:

$ printf '\n\n0A0BA0' | coreutils-9.3/bin/b2sum -c

(even '0BA0' seems to work on my machine) ASAN confirms the issue:

> #1  0x0000000000473de0 in __interceptor_strchr (s=<optimized out>, c=<optimized out>)
> #2  0x0000000000500a81 in digest_check (checkfile_name=0x7fffffffe69e "stdin") at /tmp/src/coreutils-9.3/src/digest.c:1216
> #3  0x00000000005005e9 in main (argc=3, argv=0x7fffffffe3a8) at /tmp/src/coreutils-9.3/src/digest.c:1607


Best,

Frank



[Message part 3 (message/rfc822, inline)]
From: Pádraig Brady <P <at> draigBrady.com>
To: Frank Busse <f.busse <at> imperial.ac.uk>, 64229-done <at> debbugs.gnu.org
Subject: Re: bug#64229: b2sum: heap-overflow in digest_check
Date: Thu, 22 Jun 2023 21:48:28 +0100

[Message part 4 (text/plain, inline)]
On 22/06/2023 17:33, Frank Busse wrote:
> Hi,
> 
> 
> KLEE reported a heap-overflow in b2sum (Coreutils 9.3). When running it
> with:
> 
> $ printf '\n\n0A0BA0' | coreutils-9.3/bin/b2sum -c
> 
> (even '0BA0' seems to work on my machine) ASAN confirms the issue:
> 
>> #1  0x0000000000473de0 in __interceptor_strchr (s=<optimized out>, c=<optimized out>)
>> #2  0x0000000000500a81 in digest_check (checkfile_name=0x7fffffffe69e "stdin") at /tmp/src/coreutils-9.3/src/digest.c:1216
>> #3  0x00000000005005e9 in main (argc=3, argv=0x7fffffffe3a8) at /tmp/src/coreutils-9.3/src/digest.c:1607

Nice one.
I'll push the attached later to fix this.

Marking this as done.

thanks,
Pádraig.

[b2sum-uar-fix.patch (text/x-patch, attachment)]
This bug report was last modified 1 year and 338 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.