Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ndpiReader: fix VXLAN de-tunneling #1913

Merged
merged 1 commit into from
Mar 25, 2023
Merged

Conversation

IvanNardi
Copy link
Collaborator

@IvanNardi IvanNardi commented Mar 23, 2023

==20665==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6040000aec81 at pc 0x0000004f5c6f bp 0x7fff07e9e1f0 sp 0x7fff07e9e1e8
READ of size 1 at 0x6040000aec81 thread T0
SCARINESS: 12 (1-byte-read-heap-buffer-overflow)
    #0 0x4f5c6e in ndpi_is_valid_vxlan ndpi/example/reader_util.c:1784:6
    https://github.com/ntop/nDPI/issues/1 0x4f5c6e in ndpi_workflow_process_packet ndpi/example/reader_util.c:2292:16
    https://github.com/ntop/nDPI/pull/2 0x4dd821 in LLVMFuzzerTestOneInput ndpi/fuzz/fuzz_ndpi_reader.c:135:7
    https://github.com/ntop/nDPI/pull/3 0x4f91ba in ExecuteFilesOnyByOne /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:234:7
    https://github.com/ntop/nDPI/issues/4 0x4f8f8c in main /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:318:12
    https://github.com/ntop/nDPI/issues/5 0x7f2289324082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/libc-start.c:308:16
    https://github.com/ntop/nDPI/pull/6 0x41e6cd in _start

Found by oss-fuzz.
See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57369

@mmaatuq
Copy link
Contributor

mmaatuq commented Mar 25, 2023

@IvanNardi thanks for the fix
I thought such cases could have been detected in fuzz testing.

@IvanNardi
Copy link
Collaborator Author

@IvanNardi thanks for the fix I thought such cases could have been detected in fuzz testing.

oss-fuzz detected it just after I pushed this PR :-)
I'll update the commit message

```
==20665==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6040000aec81 at pc 0x0000004f5c6f bp 0x7fff07e9e1f0 sp 0x7fff07e9e1e8
READ of size 1 at 0x6040000aec81 thread T0
SCARINESS: 12 (1-byte-read-heap-buffer-overflow)
    #0 0x4f5c6e in ndpi_is_valid_vxlan ndpi/example/reader_util.c:1784:6
    ntop#1 0x4f5c6e in ndpi_workflow_process_packet ndpi/example/reader_util.c:2292:16
    ntop#2 0x4dd821 in LLVMFuzzerTestOneInput ndpi/fuzz/fuzz_ndpi_reader.c:135:7
    ntop#3 0x4f91ba in ExecuteFilesOnyByOne /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:234:7
    ntop#4 0x4f8f8c in main /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:318:12
    ntop#5 0x7f2289324082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/libc-start.c:308:16
    ntop#6 0x41e6cd in _start
```
Found by oss-fuzz.
See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57369
@sonarcloud
Copy link

sonarcloud bot commented Mar 25, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@IvanNardi IvanNardi merged commit 04a426f into ntop:dev Mar 25, 2023
@IvanNardi IvanNardi deleted the vxlan-overflow branch March 25, 2023 18:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants