Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Heap-buffer-overflow in ndpi_search_syslog #1578

Closed
1 of 2 tasks
koltiradw opened this issue Jun 3, 2022 · 1 comment · Fixed by #1579
Closed
1 of 2 tasks

Heap-buffer-overflow in ndpi_search_syslog #1578

koltiradw opened this issue Jun 3, 2022 · 1 comment · Fixed by #1579
Assignees
@utoni
Labels
bug

Comments

@koltiradw
Copy link
Contributor

Hi! I found heap-buffer-overflow ( occurs at src/lib/protocols/syslog.c:87:9 ) during testing with libFuzzer.

nDPI Environment:

  • OS name: Ubuntu
  • OS version: 20.04.4 LTS (Focal Fossa)
  • Architecture: x86-64
  • nDPI commit hash: 09fbe0a
  • nDPI compilation flags used: --enable-fuzztargets
  • config.log

Reproducible using ndpiReader?

  • The reported bug is reproducible using ndpiReader.
  • The reported bug is not reproducible using ndpiReader.

File for reproducing:

Steps to reproduce the behavior:

  1. Run './fuzz_process_packet_with_main <crash_file>'.
  2. See ASAN crash report.
@koltiradw koltiradw added the bug label Jun 3, 2022
@utoni
Copy link
Collaborator

utoni commented Jun 3, 2022

Whoops! My fault. Thanks!

@utoni utoni self-assigned this Jun 3, 2022
utoni added a commit to utoni/nDPI that referenced this issue Jun 3, 2022
@utoni
Fix syslog heap overflow introduced in 09fbe0a.
c738e0a 
 - fixes ntop#1578

Signed-off-by: lns <[email protected]>
@utoni utoni mentioned this issue Jun 3, 2022
Merged
utoni added a commit to utoni/nDPI that referenced this issue Jun 3, 2022
@utoni
Fix syslog heap overflow introduced in 09fbe0a.
51e8795 
 - fixes ntop#1578

Signed-off-by: lns <[email protected]>
IvanNardi pushed a commit that referenced this issue Jun 4, 2022
@utoni
Fix syslog heap overflow introduced in 09fbe0a. (#1579)
ff8e1e1 
- fixes #1578

Signed-off-by: lns <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@utoni utoni

Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix syslog heap overflow introduced in 09fbe0a64a11b08a35435f516e9a19… utoni/nDPI
2 participants
@utoni @koltiradw