|
Message-ID: <620190.49757825-sendEmail@localhost> Date: Mon, 20 Mar 2017 10:31:24 +0000 From: "Agostino Sarubbo" <ago@...too.org> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: libpcre: invalid memory read in _pcre32_xclass (pcre_xclass.c) Description: libpcre is a perl-compatible regular expression library. A fuzz on libpcre1 through the pcretest utility revealed an invalid memory read. Upstream says that this bug is fixed by one of the previous commit. However I’m providing as usual the stacktrace and the reproducer, so if you are not running the latest upstream release, like happen on debian/rhel based distros, you may want to check better the status of this bug. The complete ASan output: # pcretest -32 -d $FILE ==27914==ERROR: AddressSanitizer: SEGV on unknown address 0x7f3f580efe04 (pc 0x7f3f577b8048 bp 0x7ffcb035b390 sp 0x7ffcb035b320 T0) ==27914==The signal is caused by a READ memory access. #0 0x7f3f577b8047 in _pcre32_xclass /tmp/portage/dev-libs/libpcre-8.40/work/pcre-8.40/pcre_xclass.c:135:30 #1 0x7f3f576137ca in match /tmp/portage/dev-libs/libpcre-8.40/work/pcre-8.40/pcre_exec.c:3203:16 #2 0x7f3f575e7226 in pcre32_exec /tmp/portage/dev-libs/libpcre-8.40/work/pcre-8.40/pcre_exec.c:6936:8 #3 0x527d6c in main /tmp/portage/dev-libs/libpcre-8.40/work/pcre-8.40/pcretest.c:5218:9 #4 0x7f3f565b478f in __libc_start_main /tmp/portage/sys-libs/glibc-2.23-r3/work/glibc-2.23/csu/../csu/libc-start.c:289 #5 0x41b438 in _init (/usr/bin/pcretest+0x41b438) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /tmp/portage/dev-libs/libpcre-8.40/work/pcre-8.40/pcre_xclass.c:135:30 in _pcre32_xclass ==27914==ABORTING Affected version: 8.40 Fixed version: 8.41 (not released atm) Commit fix: N/A Credit: This bug was discovered by Agostino Sarubbo of Gentoo. Reproducer: https://github.com/asarubbo/poc/blob/master/00206-pcre-invalidread-_pcre32_xclass Timeline: 2017-02-24: bug discovered and reported to upstream 2017-03-20: blog post about the issue Note: This bug was found with American Fuzzy Lop. Permalink: https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c -- Agostino Sarubbo Gentoo Linux Developer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.