[Bro-Dev] [JIRA] (BIT-1464) heap overflow in build_syn_packet_val
Johanna Amann (JIRA)
jira at bro-tracker.atlassian.net
Mon Aug 31 11:09:00 PDT 2015
[ https://bro-tracker.atlassian.net/browse/BIT-1464?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=21900#comment-21900 ]
Johanna Amann commented on BIT-1464:
------------------------------------
Ok - I managed to verify this and I think that Robin just fixed it in 1b9ee38e6933fbaf1db5822ab0e3088e41435c49.
Could you just cross-check to make sure and close the bug if that fixes it?
> heap overflow in build_syn_packet_val
> -------------------------------------
>
> Key: BIT-1464
> URL: https://bro-tracker.atlassian.net/browse/BIT-1464
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Affects Versions: 2.4
> Reporter: Justin Azoff
> Assignee: Johanna Amann
> Attachments: build_syn_packet_val_bug.pcap
>
>
> {code}
> # bro -r build_syn_packet_val_bug.pcap
> =================================================================
> ==15198==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x607000e45266 at pc 0x000000cd6731 bp 0x7fff061fe1b0 sp 0x7fff061fe1a8
> READ of size 1 at 0x607000e45266 thread T0
> #0 0xcd6730 in build_syn_packet_val(int, IP_Hdr const*, tcphdr const*) /scratch/bro-clean/src/analyzer/protocol/tcp/TCP.cc:52:3
> #1 0xcd6730 in analyzer::tcp::TCP_Analyzer::DeliverPacket(int, unsigned char const*, bool, unsigned long, IP_Hdr const*, int) /scratch/bro-clean/src/analyzer/protocol/tcp/TCP.cc:1274
> #2 0xe24b22 in analyzer::Analyzer::NextPacket(int, unsigned char const*, bool, unsigned long, IP_Hdr const*, int) /scratch/bro-clean/src/analyzer/Analyzer.cc:222:4
> #3 0x688d9f in Connection::NextPacket(double, int, IP_Hdr const*, int, int, unsigned char const*&, int&, int&, pcap_pkthdr const*, unsigned char const*, int) /scratch/bro-clean/src/Conn.cc:260:3
> #4 0x858e6f in NetSessions::DoNextPacket(double, pcap_pkthdr const*, IP_Hdr const*, unsigned char const*, int, EncapsulationStack const*) /scratch/bro-clean/src/Sessions.cc:758:2
> #5 0x85553d in NetSessions::NextPacket(double, pcap_pkthdr const*, unsigned char const*, int) /scratch/bro-clean/src/Sessions.cc:231:3
> #6 0x7ba30f in net_packet_dispatch(double, pcap_pkthdr const*, unsigned char const*, int, iosource::PktSrc*) /scratch/bro-clean/src/Net.cc:281:2
> #7 0xda1c1b in iosource::PktSrc::Process() /scratch/bro-clean/src/iosource/PktSrc.cc:423:3
> #8 0x7ba7bf in net_run() /scratch/bro-clean/src/Net.cc:330:4
> #9 0x641d9c in main /scratch/bro-clean/src/main.cc:1199:3
> #10 0x7f204146cb44 in __libc_start_main /tmp/buildd/glibc-2.19/csu/libc-start.c:287
> #11 0x5ee98c in _start (/scratch/bro-clean/build/src/bro+0x5ee98c)
> {code}