Re: TFTP client crash seems to be caused by missing bounds check in make

bug-inetutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TFTP client crash seems to be caused by missing bounds check in make

From:	Erik Auerswald
Subject:	Re: TFTP client crash seems to be caused by missing bounds check in makeargv()
Date:	Sun, 4 Sep 2022 17:53:54 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0

Hi,

On 04.09.22 17:34, Erik Auerswald wrote:

On 03.09.22 19:07, Erik Auerswald wrote:

On Sat, Sep 03, 2022 at 05:39:45PM +0200, Simon Josefsson wrote:
[...]
did you notice some fuzzing report that wasn't fixed?
[...]
* Problems found in tftp (the code did not change since the report):
* Untrusted Pointer Dereference in getcmd() atinetutils/src/tftp.c:878https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00018.html


That seems to be a missing bounds check in makeargv(), similar
to the old, now fixed, code in telnet.

I'll look into creating a nice reproducer instead of the one
found by the fuzzer, adding a test case, and fixing the bug.


That is harder than expected….  Is there a reason *not* to use
the crash input found by the fuzzer in a test for GNU Inetutils?

Thanks,
Erik

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH 3/3] telnet: Avoid command evaluation crashes., Erik Auerswald, 2022/09/02
- Re: [PATCH 3/3] telnet: Avoid command evaluation crashes., Simon Josefsson, 2022/09/02
  - Re: [PATCH 3/3] telnet: Avoid command evaluation crashes., Erik Auerswald, 2022/09/03
    - Re: [PATCH 3/3] telnet: Avoid command evaluation crashes., Simon Josefsson, 2022/09/03
    - Re: [PATCH 3/3] telnet: Avoid command evaluation crashes., Erik Auerswald, 2022/09/03
    - Re: [PATCH 3/3] telnet: Avoid command evaluation crashes., Guillem Jover, 2022/09/03
    - Re: [PATCH 3/3] telnet: Avoid command evaluation crashes., Erik Auerswald, 2022/09/04
    - Re: [PATCH 3/3] telnet: Avoid command evaluation crashes., Simon Josefsson, 2022/09/06
    - TFTP client crash seems to be caused by missing bounds check in makeargv(), Erik Auerswald, 2022/09/04
    - Re: TFTP client crash seems to be caused by missing bounds check in makeargv(), Erik Auerswald <=
    - Re: TFTP client crash seems to be caused by missing bounds check in makeargv(), Simon Josefsson, 2022/09/06
    - Re: TFTP client crash seems to be caused by missing bounds check in makeargv(), Erik Auerswald, 2022/09/07
    - Re: TFTP client crash seems to be caused by missing bounds check in makeargv(), Simon Josefsson, 2022/09/08
    - How to check for perl or usable printf tools?, Erik Auerswald, 2022/09/11
    - Re: How to check for perl or usable printf tools?, Simon Josefsson, 2022/09/12
    - Re: How to check for perl or usable printf tools?, Alfred M. Szmidt, 2022/09/12
    - Re: How to check for perl or usable printf tools?, Erik Auerswald, 2022/09/12
    - Re: How to check for perl or usable printf tools?, Erik Auerswald, 2022/09/17
    - Re: How to check for perl or usable printf tools?, Simon Josefsson, 2022/09/25
    - Re: How to check for perl or usable printf tools?, Erik Auerswald, 2022/09/25

Prev by Date: TFTP client crash seems to be caused by missing bounds check in makeargv()
Next by Date: Re: [PATCH 3/3] telnet: Avoid command evaluation crashes.
Previous by thread: TFTP client crash seems to be caused by missing bounds check in makeargv()
Next by thread: Re: TFTP client crash seems to be caused by missing bounds check in makeargv()
Index(es):
- Date
- Thread