Re: TFTP client crash seems to be caused by missing bounds check in make
From: Simon Josefsson
Subject: Re: TFTP client crash seems to be caused by missing bounds check in makeargv()
Date: Tue, 06 Sep 2022 20:05:04 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)

Erik Auerswald <auerswal@unix-ag.uni-kl.de> writes:
> Hi,
>
> On 04.09.22 17:34, Erik Auerswald wrote:
>> On 03.09.22 19:07, Erik Auerswald wrote:
>>> On Sat, Sep 03, 2022 at 05:39:45PM +0200, Simon Josefsson wrote:
>>>> [...]
>>>> did you notice some fuzzing report that wasn't fixed?
>>> [...]
>>> * Problems found in tftp (the code did not change since the report):
>>>
>>> * Untrusted Pointer Dereference in getcmd() at
>>> inetutils/src/tftp.c:878
>>> https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00018.html
>> That seems to be a missing bounds check in makeargv(), similar
>> to the old, now fixed, code in telnet.
>> I'll look into creating a nice reproducer instead of the one
>> found by the fuzzer, adding a test case, and fixing the bug.
>
> That is harder than expected…. Is there a reason *not* to use
> the crash input found by the fuzzer in a test for GNU Inetutils?

More testing would be great! Integrating oss-fuzz would be too...

Re BSD tools: perhaps one way to proceed here is to start to sync code
so we at least have similar code bases to look at? Maybe we can find
some code that is sufficiently similar so that we can simply set up
scripts to keep the code in sync for the future. And hopefully make the
set of code that is kept in sync automatically larger and larger. The
CVE-2019-0053 bug we discovered now was fixed in FreeBSD back in 2005...
I'm sure there are plenty more discoveries like this waiting for us.
Having more code in sync helps with this.

/Simon