You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello, I would like to bring to your attention that I encountered a potential issue while using it. This observation was made during testing on Ubuntu 20.04. Thank you for your understanding.
Missing boundary check for shname here, there is a risk of heap overflow.
poc:poc.zip
Asan report
==2113==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x611000000120 at pc 0x0000004f668a bp 0x7ffe033f84f0 sp 0x7ffe033f84e8
READ of size 8 at 0x611000000120 thread T0
#0 0x4f6689 in get_section_name /home/ld1ng/Packer_ELF/src/cypher_code.c:14:19
#1 0x4f6689 in get_section_text /home/ld1ng/Packer_ELF/src/cypher_code.c:22
#2 0x4f6689 in cypher_code /home/ld1ng/Packer_ELF/src/cypher_code.c:47
#3 0x4f593c in main /home/ld1ng/Packer_ELF/src/packer.c:52:7
#4 0x7fb542935082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
#5 0x41e3ad in _start (/home/ld1ng/Packer_ELF/packer+0x41e3ad)
0x611000000120 is located 24 bytes to the right of 200-byte region [0x611000000040,0x611000000108)
allocated by thread T0 here:
#0 0x4c61f3 in malloc (/home/ld1ng/Packer_ELF/packer+0x4c61f3)
#1 0x4f95f9 in map_sections_data /home/ld1ng/Packer_ELF/src/map_elf.c:81:29
#2 0x4f95f9 in map_elf /home/ld1ng/Packer_ELF/src/map_elf.c:136
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/ld1ng/Packer_ELF/src/cypher_code.c:14:19 in get_section_name
Shadow bytes around the buggy address:
0x0c227fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff8000: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c227fff8010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c227fff8020: 00 fa fa fa[fa]fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff8030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff8040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa
0x0c227fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff8070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==2113==ABORTING
gdb backtrace
pwndbg> bt
#0 __strcmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:112
#1 0x0000000000401a08 in get_section_text (elf=<optimized out>) at src/cypher_code.c:22
#2 cypher_code (elf=0x4472a0) at src/cypher_code.c:47
#3 0x0000000000401655 in main (argc=<optimized out>, argc@entry=2, argv=<optimized out>, argv@entry=0x7fffffffdfd8) at src/packer.c:52
#4 0x00007ffff7de8083 in __libc_start_main (main=0x401510 <main>, argc=2, argv=0x7fffffffdfd8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffdfc8) at ../csu/libc-start.c:308
#5 0x000000000040125e in _start ()
The text was updated successfully, but these errors were encountered:
Hello, I would like to bring to your attention that I encountered a potential issue while using it. This observation was made during testing on Ubuntu 20.04. Thank you for your understanding.
Missing boundary check for
shname
here, there is a risk of heap overflow.poc:poc.zip
Asan report
gdb backtrace
The text was updated successfully, but these errors were encountered: