[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
TFTP client crash seems to be caused by missing bounds check in makeargv
From: |
Erik Auerswald |
Subject: |
TFTP client crash seems to be caused by missing bounds check in makeargv() |
Date: |
Sun, 4 Sep 2022 17:34:38 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0 |
Hi,
On 03.09.22 19:07, Erik Auerswald wrote:
On Sat, Sep 03, 2022 at 05:39:45PM +0200, Simon Josefsson wrote:
[...]
did you notice some fuzzing report that wasn't fixed?
I think the following reports have not yet been addressed:
I do intend to look into these issues, but I cannot say when...
[...]
* Problems found in tftp (the code did not change since the report):
* Untrusted Pointer Dereference in getcmd() at inetutils/src/tftp.c:878
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00018.html
That seems to be a missing bounds check in makeargv(), similar
to the old, now fixed, code in telnet.
I'll look into creating a nice reproducer instead of the one
found by the fuzzer, adding a test case, and fixing the bug.
There might be an opportunity to refactor the code to avoid
having to fix the same problem again and again….
[...]
Thanks,
Erik
- Re: [PATCH 3/3] telnet: Avoid command evaluation crashes., Erik Auerswald, 2022/09/02
- Re: [PATCH 3/3] telnet: Avoid command evaluation crashes., Simon Josefsson, 2022/09/02
- Re: [PATCH 3/3] telnet: Avoid command evaluation crashes., Erik Auerswald, 2022/09/03
- Re: [PATCH 3/3] telnet: Avoid command evaluation crashes., Simon Josefsson, 2022/09/03
- Re: [PATCH 3/3] telnet: Avoid command evaluation crashes., Erik Auerswald, 2022/09/03
- Re: [PATCH 3/3] telnet: Avoid command evaluation crashes., Guillem Jover, 2022/09/03
- Re: [PATCH 3/3] telnet: Avoid command evaluation crashes., Erik Auerswald, 2022/09/04
- Re: [PATCH 3/3] telnet: Avoid command evaluation crashes., Simon Josefsson, 2022/09/06
- TFTP client crash seems to be caused by missing bounds check in makeargv(),
Erik Auerswald <=
- Re: TFTP client crash seems to be caused by missing bounds check in makeargv(), Erik Auerswald, 2022/09/04
- Re: TFTP client crash seems to be caused by missing bounds check in makeargv(), Simon Josefsson, 2022/09/06
- Re: TFTP client crash seems to be caused by missing bounds check in makeargv(), Erik Auerswald, 2022/09/07
- Re: TFTP client crash seems to be caused by missing bounds check in makeargv(), Simon Josefsson, 2022/09/08
- How to check for perl or usable printf tools?, Erik Auerswald, 2022/09/11
- Re: How to check for perl or usable printf tools?, Simon Josefsson, 2022/09/12
- Re: How to check for perl or usable printf tools?, Alfred M. Szmidt, 2022/09/12
- Re: How to check for perl or usable printf tools?, Erik Auerswald, 2022/09/12
- Re: How to check for perl or usable printf tools?, Erik Auerswald, 2022/09/17
- Re: How to check for perl or usable printf tools?, Simon Josefsson, 2022/09/25