[Bro-Dev] [JIRA] (BIT-1464) heap overflow in build_syn_packet_val

Johanna Amann (JIRA) jira at bro-tracker.atlassian.net
Mon Aug 31 10:41:00 PDT 2015


     [ https://bro-tracker.atlassian.net/browse/BIT-1464?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Johanna Amann reassigned BIT-1464:
----------------------------------

    Assignee: Johanna Amann

> heap overflow in build_syn_packet_val
> -------------------------------------
>
>                 Key: BIT-1464
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1464
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: 2.4
>            Reporter: Justin Azoff
>            Assignee: Johanna Amann
>         Attachments: build_syn_packet_val_bug.pcap
>
>
> {code}
> # bro -r build_syn_packet_val_bug.pcap
> =================================================================
> ==15198==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x607000e45266 at pc 0x000000cd6731 bp 0x7fff061fe1b0 sp 0x7fff061fe1a8
> READ of size 1 at 0x607000e45266 thread T0
>     #0 0xcd6730 in build_syn_packet_val(int, IP_Hdr const*, tcphdr const*) /scratch/bro-clean/src/analyzer/protocol/tcp/TCP.cc:52:3
>     #1 0xcd6730 in analyzer::tcp::TCP_Analyzer::DeliverPacket(int, unsigned char const*, bool, unsigned long, IP_Hdr const*, int) /scratch/bro-clean/src/analyzer/protocol/tcp/TCP.cc:1274
>     #2 0xe24b22 in analyzer::Analyzer::NextPacket(int, unsigned char const*, bool, unsigned long, IP_Hdr const*, int) /scratch/bro-clean/src/analyzer/Analyzer.cc:222:4
>     #3 0x688d9f in Connection::NextPacket(double, int, IP_Hdr const*, int, int, unsigned char const*&, int&, int&, pcap_pkthdr const*, unsigned char const*, int) /scratch/bro-clean/src/Conn.cc:260:3
>     #4 0x858e6f in NetSessions::DoNextPacket(double, pcap_pkthdr const*, IP_Hdr const*, unsigned char const*, int, EncapsulationStack const*) /scratch/bro-clean/src/Sessions.cc:758:2
>     #5 0x85553d in NetSessions::NextPacket(double, pcap_pkthdr const*, unsigned char const*, int) /scratch/bro-clean/src/Sessions.cc:231:3
>     #6 0x7ba30f in net_packet_dispatch(double, pcap_pkthdr const*, unsigned char const*, int, iosource::PktSrc*) /scratch/bro-clean/src/Net.cc:281:2
>     #7 0xda1c1b in iosource::PktSrc::Process() /scratch/bro-clean/src/iosource/PktSrc.cc:423:3
>     #8 0x7ba7bf in net_run() /scratch/bro-clean/src/Net.cc:330:4
>     #9 0x641d9c in main /scratch/bro-clean/src/main.cc:1199:3
>     #10 0x7f204146cb44 in __libc_start_main /tmp/buildd/glibc-2.19/csu/libc-start.c:287
>     #11 0x5ee98c in _start (/scratch/bro-clean/build/src/bro+0x5ee98c)
> {code}



--
This message was sent by Atlassian JIRA
(v7.0.0-OD-02-259#70102)

