usim

View Ticket
2020-10-30
08:23 Closed ticket [d0239da7bb]: uch11.c: heap buffer overflow plus 3 other changes artifact: 7661d4adae user: ams
2020-10-26
14:44 Ticket [d0239da7bb]: 3 changes artifact: a92c39aa97 user: ams
14:33 Ticket [d0239da7bb]: 3 changes artifact: d82aea96b3 user: ams
2020-10-05
15:48 Ticket [d0239da7bb]: 5 changes artifact: 1fc3026725 user: ams
15:48 New ticket [d0239da7bb]. artifact: 0a7ee89a06 user: ams

Ticket Hash: d0239da7bb2a17775205b30a7bf01919cf136a63
Title: uch11.c: heap buffer overflow
Status: Closed
Type: Code_Defect
Severity: Critical
Priority: Immediate
Subsystem:
Resolution: Fixed
Last Modified: 2020-10-30 08:23:17
Version Found In:
User Comments:
ams added on 2020-10-05 15:48:42:

There is a heap buffer overflow in uch11.c:

==30853==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x607000003863 at pc 0x7ffff75fe170 bp 0x7fffffffd3e0 sp 0x7fffffffcb88
READ of size 68 at 0x607000003863 thread T0
    #0 0x7ffff75fe16f  (/usr/lib/gcc/x86_64-pc-linux-gnu/9.3.0/libasan.so.5+0x9a16f)
    #1 0x5555555acb2e in chaos_poll_local /home/ams/l/usim/uch11.c:869
    #2 0x5555555acdb8 in uch11_poll /home/ams/l/usim/uch11.c:891
    #3 0x55555559e629 in run /home/ams/l/usim/ucode.c:1219
    #4 0x555555599156 in main /home/ams/l/usim/usim.c:103
    #5 0x7ffff7264c8c in __libc_start_main ../csu/libc-start.c:308
    #6 0x5555555989f9 in _start (/home/ams/l/usim/usim+0x449f9)

Code in question:

	memcpy(uch11_rcv_buffer, packet, (size_t)size * sizeof(unsigned short));

Should be able to reproduce by compiling with ASAN enabled, and then trying to LOGIN.


ams added on 2020-10-26 14:33:30:

Fixed in [chaos:1e9bef1681].


ams added on 2020-10-26 14:44:23:

Fixed in 1e9bef1681.
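The copy quoted in the ticket trusts a word count taken from the packet itself. Note that ASan reports a READ of 68 bytes: the memcpy interceptor flags the source side, so the length exceeded what was actually sitting in the `packet` allocation; if it also exceeds the receive buffer's capacity the same copy over-writes `uch11_rcv_buffer`. The following is an added example, not code from usim or the fix in 1e9bef1681: the unchecked copy beside a hardened variant that validates the claimed length against both the bytes received and the destination capacity. The buffer size `RCV_WORDS`, the function names, the `packet_bytes` parameter and the test packets are all assumptions made for this demo.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capacity of the receive buffer in 16-bit words. The real constant in
 * uch11.c is not quoted in the ticket, so 64 is an assumption for this demo. */
#define RCV_WORDS 64

unsigned short uch11_rcv_buffer[RCV_WORDS];
int uch11_rcv_len;   /* words currently held in uch11_rcv_buffer */

/* The shape of the copy quoted in the ticket: the word count comes from the
 * packet and is trusted. If it exceeds the bytes actually received, memcpy
 * reads past the end of `packet` (the READ ASan reported); if it exceeds
 * RCV_WORDS, it also writes past the end of the receive buffer.
 * Kept for comparison; only ever called here with an in-range length. */
void receive_unchecked(const unsigned short *packet, int size)
{
    memcpy(uch11_rcv_buffer, packet, (size_t)size * sizeof(unsigned short));
    uch11_rcv_len = size;
}

/* Hardened variant (added here, not the project's fix): validate the claimed
 * word count against both the bytes actually received and the destination
 * capacity before copying. Returns 0 on success, -1 if the packet is dropped. */
int receive_checked(const unsigned short *packet, size_t packet_bytes, int size)
{
    if (packet == NULL || size < 0) {
        return -1;
    }
    size_t need = (size_t)size * sizeof(unsigned short);
    if (need > packet_bytes) {           /* would over-read the source */
        fprintf(stderr, "uch11: claimed %d words but only %zu bytes received, dropping\n",
                size, packet_bytes);
        return -1;
    }
    if ((size_t)size > RCV_WORDS) {      /* would over-write the destination */
        fprintf(stderr, "uch11: %d words exceeds buffer of %d, dropping\n",
                size, RCV_WORDS);
        return -1;
    }
    memcpy(uch11_rcv_buffer, packet, need);
    uch11_rcv_len = size;
    return 0;
}

/* Constructed test packet of n words with a recognisable pattern (not real
 * Chaosnet traffic). Caller frees. */
unsigned short *make_packet(int n)
{
    unsigned short *p = malloc((size_t)n * sizeof *p);
    for (int i = 0; i < n; i++)
        p[i] = (unsigned short)(0xC000 | i);
    return p;
}

int main(void)
{
    unsigned short *ok  = make_packet(RCV_WORDS);
    unsigned short *big = make_packet(RCV_WORDS + 2);

    receive_unchecked(ok, 4);   /* in range, so safe here */
    printf("unchecked, 4 words: len=%d first=%#x\n", uch11_rcv_len, uch11_rcv_buffer[0]);

    printf("full-size packet:  %d\n", receive_checked(ok, RCV_WORDS * 2, RCV_WORDS));
    printf("oversize packet:   %d\n", receive_checked(big, (RCV_WORDS + 2) * 2, RCV_WORDS + 2));
    printf("short on the wire: %d\n", receive_checked(ok, 6, 4));   /* claims 8 bytes, got 6 */
    printf("negative length:   %d\n", receive_checked(ok, 8, -1));

    free(ok);
    free(big);
    return 0;
}
```

The source-side check is the one that matters for the trace on this ticket: a packet that claims more words than were delivered is dropped before memcpy can read beyond the allocation. Keeping `size` signed and rejecting negatives also prevents the `(size_t)size` cast from turning a negative count into a multi-gigabyte copy length.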