Add fuzzer input files that trigger problems #263

Closed
daviddrysdale wants to merge 2 commits into c-ares:master from daviddrysdale:fuzz
Conversation

@daviddrysdale
Member

Suspect problems were introduced by 7d3591e ("getaddrinfo
enhancements (#257)"), and revolve around:

  • ares_parse_a_reply.c:160 : WRITE stack buffer overflow
  • ares_parse_aaaa_reply.c:156 : READ heap buffer overflow.

Reproduce by building with ASAN enabled and running (e.g.):

./test/aresfuzz ./test/fuzzinput/clusterfuzz-5650695891451904

@coveralls

coveralls commented Jun 20, 2019

Coverage Status

Coverage remained the same at 89.6% when pulling 21dab19 on daviddrysdale:fuzz into 5dd3629 on c-ares:master.

Suspect problems were introduced by 7d3591e ("getaddrinfo
enhancements (c-ares#257)"), and include:
 - ares_parse_a_reply.c:170 : WRITE stack buffer overflow
 - ares_parse_aaaa_reply.c:170,172 : WRITE stack buffer overflow
 - ares_parse_a_reply:149 : leak
 - ares_parse_aaaa_reply.c:151 : leak

Reproduce by building with ASAN enabled and running (e.g.):

  ./test/aresfuzz ./test/fuzzinput/clusterfuzz-5650695891451904
@ki11roy
Contributor

ki11roy commented Jun 24, 2019

@daviddrysdale took the files into #264 along with the fix

bradh352 pushed a commit that referenced this pull request Jun 24, 2019
* fix leak if naddress of particular type found
* fix segfault when wanted ttls count lesser than count of result records
* add fuzzer input files that trigger problems (from #263)

Reported-By: David Drysdale (@daviddrysdale)
Fix-By: Andrew Selivanov (@ki11roy)
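The two defects named in the fix commit above follow a pattern worth seeing in code: a parser that takes a caller-supplied TTL array with an in/out count (`*naddrttls` is the array's capacity on entry and the number of entries filled on return) must bound its copy loop by that capacity, not by the number of records in the reply, and an early return on "no address of the wanted type" must release whatever the parser has already allocated. The following is an added illustration written for this page, not c-ares code: `struct addr_ttl`, `struct host_result`, `copy_ttls_safe`, `parse_reply_model`, `demo`, the `PARSE_*` codes and the four sample records are all hypothetical, and the buggy loop is shown only in a comment so the example never performs the out-of-bounds write itself.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a decoded address+TTL record; not c-ares's
 * struct ares_addrttl and not c-ares's parser. */
struct addr_ttl {
    unsigned char addr[4];
    int ttl;
};

/* Hypothetical result object the parser hands back to the caller. */
struct host_result {
    char *name;
    struct addr_ttl *addrs;
    int naddrs;
};

enum { PARSE_OK = 0, PARSE_ENODATA = 1, PARSE_EBADARG = 2, PARSE_ENOMEM = 3 };

/* Constructed sample: four A records already decoded from a reply. */
const struct addr_ttl sample_records[4] = {
    {{192, 0, 2, 1}, 300}, {{192, 0, 2, 2}, 300},
    {{192, 0, 2, 3}, 60},  {{192, 0, 2, 4}, 60},
};

// Buggy pattern reported on this page: the copy loop is bounded by the number
// of records in the reply rather than by the capacity the caller passed in:
//
//     for (i = 0; i < naddrs; i++)
//         addrttls[i] = records[i];   /* writes past a 2-entry stack array when naddrs == 4 */
//
// Hardened form: clamp to the caller's capacity and report the count actually filled.
int copy_ttls_safe(const struct addr_ttl *records, int naddrs,
                   struct addr_ttl *addrttls, int *naddrttls)
{
    int cap, i;

    if (naddrttls == NULL || *naddrttls < 0 || (addrttls == NULL && *naddrttls > 0))
        return PARSE_EBADARG;
    cap = *naddrttls < naddrs ? *naddrttls : naddrs;   /* min(capacity, records) */
    for (i = 0; i < cap; i++)
        addrttls[i] = records[i];
    *naddrttls = cap;            /* in/out: capacity on entry, filled count on return */
    return PARSE_OK;
}

void free_host_result(struct host_result *h)
{
    if (h == NULL) return;
    free(h->name);
    free(h->addrs);
    free(h);
}

/* Model of the parser's control flow: the result object is allocated before
 * the address records are examined, so the "no address of the wanted type"
 * path must free it before returning (the leak the fix commit describes). */
int parse_reply_model(const struct addr_ttl *records, int nrecords,
                      struct host_result **out,
                      struct addr_ttl *addrttls, int *naddrttls)
{
    static const char owner[] = "example.test";   /* constructed owner name */
    struct host_result *h;
    int rc;

    *out = NULL;
    h = calloc(1, sizeof *h);
    if (h == NULL) return PARSE_ENOMEM;
    h->name = malloc(sizeof owner);
    if (h->name == NULL) { free_host_result(h); return PARSE_ENOMEM; }
    memcpy(h->name, owner, sizeof owner);

    if (nrecords == 0) {
        free_host_result(h);      /* the fix: no early return without cleanup */
        if (naddrttls != NULL) *naddrttls = 0;
        return PARSE_ENODATA;
    }

    h->addrs = malloc((size_t)nrecords * sizeof *h->addrs);
    if (h->addrs == NULL) { free_host_result(h); return PARSE_ENOMEM; }
    memcpy(h->addrs, records, (size_t)nrecords * sizeof *h->addrs);
    h->naddrs = nrecords;

    rc = PARSE_OK;
    if (naddrttls != NULL)        /* TTLs are optional; count pointer gates the copy */
        rc = copy_ttls_safe(records, nrecords, addrttls, naddrttls);
    if (rc != PARSE_OK) { free_host_result(h); return rc; }

    *out = h;
    return PARSE_OK;
}

/* Caller side: a small stack array, its capacity passed in, the filled count read back. */
int demo(void)
{
    struct addr_ttl ttls[2];
    int nttls = (int)(sizeof ttls / sizeof ttls[0]);
    struct host_result *h = NULL;
    int rc = parse_reply_model(sample_records, 4, &h, ttls, &nttls);
    if (rc != PARSE_OK) return -1;
    free_host_result(h);
    return nttls;                 /* 2: only as many TTLs as the array can hold */
}
```

The check a practitioner wants when reviewing a fix like #264 is the one `demo` exercises: hand the parser fewer TTL slots than the reply has records, build with ASAN as the PR description says, and confirm both that nothing is written past the array and that `*naddrttls` comes back as the number of slots actually filled rather than the number of records seen.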
@bradh352
Member

@daviddrysdale ok to close?

daviddrysdale deleted the fuzz branch June 25, 2019 17:55
@daviddrysdale
Member Author

Yep, looks like all the fuzzer cases are now verified as fixed.

vadorovsky pushed a commit to vadorovsky/c-ares that referenced this pull request Nov 1, 2019
DronRathore pushed a commit to DronRathore/c-ares that referenced this pull request Mar 11, 2020