[Bro-Dev] [JIRA] (BIT-1464) heap overflow in build_syn_packet_val

Justin Azoff (JIRA) jira at bro-tracker.atlassian.net
Thu Aug 20 13:59:00 PDT 2015


Justin Azoff created BIT-1464:
---------------------------------

             Summary: heap overflow in build_syn_packet_val
                 Key: BIT-1464
                 URL: https://bro-tracker.atlassian.net/browse/BIT-1464
             Project: Bro Issue Tracker
          Issue Type: Problem
          Components: Bro
    Affects Versions: 2.4
            Reporter: Justin Azoff
         Attachments: build_syn_packet_val_bug.pcap

{code}
# bro -r build_syn_packet_val_bug.pcap
=================================================================
==15198==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x607000e45266 at pc 0x000000cd6731 bp 0x7fff061fe1b0 sp 0x7fff061fe1a8
READ of size 1 at 0x607000e45266 thread T0
    #0 0xcd6730 in build_syn_packet_val(int, IP_Hdr const*, tcphdr const*) /scratch/bro-clean/src/analyzer/protocol/tcp/TCP.cc:52:3
    #1 0xcd6730 in analyzer::tcp::TCP_Analyzer::DeliverPacket(int, unsigned char const*, bool, unsigned long, IP_Hdr const*, int) /scratch/bro-clean/src/analyzer/protocol/tcp/TCP.cc:1274
    #2 0xe24b22 in analyzer::Analyzer::NextPacket(int, unsigned char const*, bool, unsigned long, IP_Hdr const*, int) /scratch/bro-clean/src/analyzer/Analyzer.cc:222:4
    #3 0x688d9f in Connection::NextPacket(double, int, IP_Hdr const*, int, int, unsigned char const*&, int&, int&, pcap_pkthdr const*, unsigned char const*, int) /scratch/bro-clean/src/Conn.cc:260:3
    #4 0x858e6f in NetSessions::DoNextPacket(double, pcap_pkthdr const*, IP_Hdr const*, unsigned char const*, int, EncapsulationStack const*) /scratch/bro-clean/src/Sessions.cc:758:2
    #5 0x85553d in NetSessions::NextPacket(double, pcap_pkthdr const*, unsigned char const*, int) /scratch/bro-clean/src/Sessions.cc:231:3
    #6 0x7ba30f in net_packet_dispatch(double, pcap_pkthdr const*, unsigned char const*, int, iosource::PktSrc*) /scratch/bro-clean/src/Net.cc:281:2
    #7 0xda1c1b in iosource::PktSrc::Process() /scratch/bro-clean/src/iosource/PktSrc.cc:423:3
    #8 0x7ba7bf in net_run() /scratch/bro-clean/src/Net.cc:330:4
    #9 0x641d9c in main /scratch/bro-clean/src/main.cc:1199:3
    #10 0x7f204146cb44 in __libc_start_main /tmp/buildd/glibc-2.19/csu/libc-start.c:287
    #11 0x5ee98c in _start (/scratch/bro-clean/build/src/bro+0x5ee98c)
{code}



--
This message was sent by Atlassian JIRA
(v7.0.0-OD-01-193#70101)

