Null Pointer Dereference in wextglob_skipname

From: GwanYeong Kim
Subject: Null Pointer Dereference in wextglob_skipname
Date: Mon, 14 Aug 2017 15:50:53 +0900
Hello,
I found a Null Pointer Dereference bug in bash.
Please confirm.
Thanks.
Version: bash 4.4.12(1)-maint(cb8c37dc664c2c0c12772111d3cc3a560d50cb04)
OS: Ubuntu 16.04.2 64bit
Steps to reproduce:
1. Download the PoC files.
2. Execute the following command: ./bash $PoC
```
ASAN:SIGSEGV
=================================================================
==13050==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000576d66 bp 0x7ffeb47e0210 sp 0x7ffeb47e01c0 T0)
    #0 0x576d65 in wextglob_skipname /root/karas/bash/lib/glob/glob.c:345
    #1 0x576f54 in mbskipname /root/karas/bash/lib/glob/glob.c:380
    #2 0x576282 in extglob_skipname /root/karas/bash/lib/glob/glob.c:226
    #3 0x5763b8 in skipname /root/karas/bash/lib/glob/glob.c:257
    #4 0x576f9b in mbskipname /root/karas/bash/lib/glob/glob.c:382
    #5 0x578329 in glob_vector /root/karas/bash/lib/glob/glob.c:760
    #6 0x57b255 in glob_filename /root/karas/bash/lib/glob/glob.c:1363
    #7 0x57a34d in glob_filename /root/karas/bash/lib/glob/glob.c:1162
    #8 0x57a34d in glob_filename /root/karas/bash/lib/glob/glob.c:1162
    #9 0x57a34d in glob_filename /root/karas/bash/lib/glob/glob.c:1162
    #10 0x57a34d in glob_filename /root/karas/bash/lib/glob/glob.c:1162
    #11 0x57a34d in glob_filename /root/karas/bash/lib/glob/glob.c:1162
    #12 0x57a34d in glob_filename /root/karas/bash/lib/glob/glob.c:1162
    #13 0x57a34d in glob_filename /root/karas/bash/lib/glob/glob.c:1162
    #14 0x57a34d in glob_filename /root/karas/bash/lib/glob/glob.c:1162
    #15 0x57a34d in glob_filename /root/karas/bash/lib/glob/glob.c:1162
    #16 0x57a34d in glob_filename /root/karas/bash/lib/glob/glob.c:1162
    #17 0x57a34d in glob_filename /root/karas/bash/lib/glob/glob.c:1162
    #18 0x57a34d in glob_filename /root/karas/bash/lib/glob/glob.c:1162
    #19 0x57a34d in glob_filename /root/karas/bash/lib/glob/glob.c:1162
    #20 0x57a34d in glob_filename /root/karas/bash/lib/glob/glob.c:1162
    #21 0x57a34d in glob_filename /root/karas/bash/lib/glob/glob.c:1162
    #22 0x57a34d in glob_filename /root/karas/bash/lib/glob/glob.c:1162
    #23 0x57a34d in glob_filename /root/karas/bash/lib/glob/glob.c:1162
    #24 0x57a34d in glob_filename /root/karas/bash/lib/glob/glob.c:1162
    #25 0x57a34d in glob_filename /root/karas/bash/lib/glob/glob.c:1162
    #26 0x57a34d in glob_filename /root/karas/bash/lib/glob/glob.c:1162
    #27 0x4eb908 in shell_glob_filename /root/karas/bash/pathexp.c:427
    #28 0x4d979b in glob_expand_word_list /root/karas/bash/subst.c:10673
    #29 0x4dc001 in expand_word_list_internal /root/karas/bash/subst.c:11109
    #30 0x4d9602 in expand_words /root/karas/bash/subst.c:10622
    #31 0x468565 in execute_simple_command /root/karas/bash/execute_cmd.c:4220
    #32 0x457492 in execute_command_internal /root/karas/bash/execute_cmd.c:811
    #33 0x455c31 in execute_command /root/karas/bash/execute_cmd.c:393
    #34 0x4262a6 in reader_loop /root/karas/bash/eval.c:172
    #35 0x421818 in main /root/karas/bash/shell.c:794
    #36 0x7f362f9f982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #37 0x4204b8 in _start (/root/karas/bash/bash+0x4204b8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/karas/bash/lib/glob/glob.c:345 wextglob_skipname
==13050==ABORTING
```
Attachment: 0000_null_PoC (binary data)
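A report like the one above is mostly triaged by hand: read the fault address, find the top frame, notice that most of the stack is the same recursive frame repeated. The following helper, an added example that is not part of this thread and not bash project code, does that mechanically for any AddressSanitizer SEGV report. It extracts the fault address and classifies it (an address inside the first page is almost always a NULL or NULL-plus-offset dereference, which is what "unknown address 0x000000000000" indicates here), records the crashing function and source location, and collapses runs of identical frames so a deeply recursive stack such as the repeated glob_filename calls reads as one entry with a count. The embedded SAMPLE_REPORT is a constructed, abbreviated copy of the report above (fewer repeated frames, several outer frames dropped); the report format itself is the standard ASAN layout.

```python
"""Triage helper for AddressSanitizer SEGV reports (added example, not from the bug-bash thread)."""
import re
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample: an abbreviated version of the report in the mail above.
SAMPLE_REPORT = """\
ASAN:SIGSEGV
=================================================================
==13050==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000576d66 bp 0x7ffeb47e0210 sp 0x7ffeb47e01c0 T0)
    #0 0x576d65 in wextglob_skipname /root/karas/bash/lib/glob/glob.c:345
    #1 0x576f54 in mbskipname /root/karas/bash/lib/glob/glob.c:380
    #2 0x576282 in extglob_skipname /root/karas/bash/lib/glob/glob.c:226
    #3 0x5763b8 in skipname /root/karas/bash/lib/glob/glob.c:257
    #4 0x576f9b in mbskipname /root/karas/bash/lib/glob/glob.c:382
    #5 0x578329 in glob_vector /root/karas/bash/lib/glob/glob.c:760
    #6 0x57b255 in glob_filename /root/karas/bash/lib/glob/glob.c:1363
    #7 0x57a34d in glob_filename /root/karas/bash/lib/glob/glob.c:1162
    #8 0x57a34d in glob_filename /root/karas/bash/lib/glob/glob.c:1162
    #9 0x57a34d in glob_filename /root/karas/bash/lib/glob/glob.c:1162
    #10 0x4eb908 in shell_glob_filename /root/karas/bash/pathexp.c:427
    #11 0x421818 in main /root/karas/bash/shell.c:794
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/karas/bash/lib/glob/glob.c:345 wextglob_skipname
==13050==ABORTING
"""

# One ASAN stack frame: "#N 0xADDR in FUNC LOCATION" (LOCATION is file:line or a "(lib+off)" form).
FRAME_RE = re.compile(
    r"^\s*#(?P<idx>\d+)\s+0x(?P<addr>[0-9a-fA-F]+)\s+in\s+(?P<func>\S+)\s+(?P<loc>\S+)"
)
FAULT_RE = re.compile(r"SEGV on unknown address 0x(?P<addr>[0-9a-fA-F]+)")


class Frame(NamedTuple):
    index: int
    address: int
    func: str
    location: str


def parse_frames(report: str) -> List[Frame]:
    """Return every stack frame in the report, in ASAN order (#0 is the faulting frame)."""
    frames: List[Frame] = []
    for line in report.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append(Frame(int(m["idx"]), int(m["addr"], 16), m["func"], m["loc"]))
    return frames


def fault_address(report: str) -> int:
    """Extract the faulting address from the ERROR line."""
    m = FAULT_RE.search(report)
    if m is None:
        raise ValueError("report contains no 'SEGV on unknown address' line")
    return int(m["addr"], 16)


def classify_fault(addr: int, page_size: int = 4096) -> str:
    """Faults inside the first page are NULL (or NULL+small offset) dereferences; others need a closer look."""
    return "null-page dereference" if addr < page_size else "wild pointer dereference"


def collapse_frames(frames: List[Frame]) -> List[Tuple[str, str, int]]:
    """Merge consecutive identical (func, location) frames into (func, location, count) entries."""
    collapsed: List[List] = []
    for f in frames:
        if collapsed and collapsed[-1][0] == f.func and collapsed[-1][1] == f.location:
            collapsed[-1][2] += 1
        else:
            collapsed.append([f.func, f.location, 1])
    return [(c[0], c[1], c[2]) for c in collapsed]


def triage(report: str) -> Dict[str, object]:
    """Produce a compact triage summary: fault kind, crash site and the collapsed stack."""
    frames = parse_frames(report)
    if not frames:
        raise ValueError("report contains no stack frames")
    addr = fault_address(report)
    stack = collapse_frames(frames)
    return {
        "fault_address": addr,
        "kind": classify_fault(addr),
        "crash_function": frames[0].func,
        "crash_site": frames[0].location,
        "stack": stack,
        "max_recursion": max(count for _, _, count in stack),
    }


def format_triage(summary: Dict[str, object]) -> str:
    """Render the triage summary as text, one collapsed frame per line."""
    lines = [
        f"fault: 0x{summary['fault_address']:x} ({summary['kind']})",
        f"crash: {summary['crash_function']} at {summary['crash_site']}",
        f"deepest recursion run: {summary['max_recursion']} frames",
    ]
    for func, loc, count in summary["stack"]:  # type: ignore[union-attr]
        suffix = f"  x{count}" if count > 1 else ""
        lines.append(f"  {func} {loc}{suffix}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_triage(triage(SAMPLE_REPORT)))
```

Running it on the real report above gives the same crash site (wextglob_skipname at glob.c:345) with the glob_filename:1162 run collapsed to a single line counted twenty times, which is the detail a reviewer wants first: the fault is a NULL-page read reached through recursive directory globbing, not a corrupted heap or stack address.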