
Fix Out-of-bounds read in the function modifySoname #451

Merged
merged 1 commit into from
Dec 27, 2022

Conversation

yairKoskas
Contributor

@yairKoskas yairKoskas commented Dec 27, 2022

An OOB read bug exists in the modifySoname function; I fixed this issue in this PR.

Here is the ASAN log:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==18235==ERROR: AddressSanitizer: SEGV on unknown address 0x7fd0a00230d0 (pc 0x55f8f4610f0d bp 0x7ffe590fe100 sp 0x7ffe590fdd80 T0)
==18235==The signal is caused by a READ memory access.
    #0 0x55f8f4610f0c in ElfFile<Elf64_Ehdr, Elf64_Phdr, Elf64_Shdr, unsigned long, unsigned long, Elf64_Dyn, Elf64_Sym, Elf64_Verneed, unsigned short>::modifySoname(ElfFile<Elf64_Ehdr, Elf64_Phdr, Elf64_Shdr, unsigned long, unsigned long, Elf64_Dyn, Elf64_Sym, Elf64_Verneed, unsigned short>::sonameMode, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/yairko/Desktop/Research/patchelf/patchelf/src/patchelf.cc:1280
    #1 0x55f8f4495f92 in patchElf2<ElfFile<Elf64_Ehdr, Elf64_Phdr, Elf64_Shdr, long unsigned int, long unsigned int, Elf64_Dyn, Elf64_Sym, Elf64_Verneed, short unsigned int> > /home/yairko/Desktop/Research/patchelf/patchelf/src/patchelf.cc:1926
    #2 0x55f8f4495f92 in patchElf /home/yairko/Desktop/Research/patchelf/patchelf/src/patchelf.cc:1980
    #3 0x55f8f4495f92 in mainWrapped(int, char**) /home/yairko/Desktop/Research/patchelf/patchelf/src/patchelf.cc:2162
    #4 0x55f8f4480ee5 in main /home/yairko/Desktop/Research/patchelf/patchelf/src/patchelf.cc:2170
    #5 0x7fd0a37d60b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x240b2)
    #6 0x55f8f4481bdd in _start (/usr/local/bin/patchelf+0x240bdd)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/yairko/Desktop/Research/patchelf/patchelf/src/patchelf.cc:1280 in ElfFile<Elf64_Ehdr, Elf64_Phdr, Elf64_Shdr, unsigned long, unsigned long, Elf64_Dyn, Elf64_Sym, Elf64_Verneed, unsigned short>::modifySoname(ElfFile<Elf64_Ehdr, Elf64_Phdr, Elf64_Shdr, unsigned long, unsigned long, Elf64_Dyn, Elf64_Sym, Elf64_Verneed, unsigned short>::sonameMode, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)
==18235==ABORTING

Steps to reproduce:
./configure --with-asan --with-ubsan
make && make install
/usr/local/bin/patchelf ./oob_bug_poc --print-soname
poc.zip
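The PR text names the function and the crash site (patchelf.cc:1280, reached via --print-soname) but does not show the root cause or the fix. As an added example, not patchelf's code and not this PR's patch, here is the kind of check a reader of an untrusted ELF needs before dereferencing a DT_SONAME entry: the string offset must lie inside the dynamic string table and the string must be NUL-terminated within it. The dyn_entry layout and the sample tables are constructed for this example; the tag numbers match the ELF DT_NULL, DT_STRSZ and DT_SONAME constants.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for Elf64_Dyn so the example needs no <elf.h>. */
typedef struct { int64_t d_tag; uint64_t d_val; } dyn_entry;
enum { TAG_NULL = 0, TAG_STRSZ = 10, TAG_SONAME = 14 };

/* Return a pointer to the NUL-terminated soname inside dynstr, or NULL if
 * the dynamic section or a crafted offset would make us read past it. */
const char *find_soname(const dyn_entry *dyn, size_t ndyn,
                        const char *dynstr, size_t dynstr_len)
{
    uint64_t strsz = 0, soname_off = 0;
    int have_soname = 0;
    for (size_t i = 0; i < ndyn && dyn[i].d_tag != TAG_NULL; i++) {
        if (dyn[i].d_tag == TAG_STRSZ)  strsz = dyn[i].d_val;
        if (dyn[i].d_tag == TAG_SONAME) { soname_off = dyn[i].d_val; have_soname = 1; }
    }
    if (!have_soname) return NULL;
    /* DT_STRSZ comes from the file, so clamp it to the bytes we actually hold. */
    if (strsz > dynstr_len) strsz = dynstr_len;
    if (soname_off >= strsz) return NULL;              /* offset outside the table */
    if (!memchr(dynstr + soname_off, '\0', strsz - soname_off))
        return NULL;                                   /* no terminator in bounds */
    return dynstr + soname_off;
}

/* Constructed sample .dynstr: "\0libfoo.so.1\0libc.so.6" plus the trailing NUL (23 bytes). */
static const char SAMPLE_DYNSTR[] = "\0libfoo.so.1\0libc.so.6";
#define SAMPLE_DYNSTR_LEN (sizeof SAMPLE_DYNSTR)

/* Well-formed dynamic section: soname at offset 1. */
const char *good_case(void) {
    dyn_entry dyn[] = { {TAG_STRSZ, SAMPLE_DYNSTR_LEN}, {TAG_SONAME, 1}, {TAG_NULL, 0} };
    return find_soname(dyn, 3, SAMPLE_DYNSTR, SAMPLE_DYNSTR_LEN);
}

/* Crafted: DT_STRSZ overstates the table and the soname offset points past it. */
const char *bad_offset_case(void) {
    dyn_entry dyn[] = { {TAG_STRSZ, 0x100000}, {TAG_SONAME, 0x4000}, {TAG_NULL, 0} };
    return find_soname(dyn, 3, SAMPLE_DYNSTR, SAMPLE_DYNSTR_LEN);
}

/* Truncated: only 5 bytes of the table are present, so "libf" has no NUL in range. */
const char *truncated_case(void) {
    dyn_entry dyn[] = { {TAG_STRSZ, 5}, {TAG_SONAME, 1}, {TAG_NULL, 0} };
    return find_soname(dyn, 3, SAMPLE_DYNSTR, 5);
}
```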

@Mic92
Member

Mic92 commented Dec 27, 2022

bors merge

@bors
Contributor

bors bot commented Dec 27, 2022

Configuration problem:
bors.toml: not found

@yairKoskas
Contributor Author

bors merge

Is this a problem on my side or something with the config of the bors bot?

@Mic92
Member

Mic92 commented Dec 27, 2022

I simply have not set up any bors configuration for this repo.

@Mic92 Mic92 merged commit 2530788 into NixOS:master Dec 27, 2022
@jeremysanders
Contributor

jeremysanders commented Jan 5, 2023

This looks potentially like a security issue. Maybe it would be good to have a release with this soon?

@Mic92
Member

Mic92 commented Jan 10, 2023

done.

@jeremysanders
Contributor

thanks a lot!
