[ https://bro-tracker.atlassian.net/browse/BIT-1465?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Johanna Amann reassigned BIT-1465:
----------------------------------

    Assignee:     (was: Johanna Amann)

> heap overflow in GetTimeFromAsn1
> --------------------------------
>
>                 Key: BIT-1465
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1465
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: 2.4
>            Reporter: Justin Azoff
>         Attachments: gettimefromasn_bug.pcap
>
>
> This pcap requires -C
> {code}
> # bro -C -r gettimefromasn_bug.pcap
> =================================================================
> ==18126==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020001c0001 at pc 0x000000d1cd37 bp 0x7fffe6f622f0 sp 0x7fffe6f622e8
> READ of size 1 at 0x6020001c0001 thread T0
>     #0 0xd1cd36 in file_analysis::X509::GetTimeFromAsn1(asn1_string_st const*) /scratch/bro-clean/src/file_analysis/analyzer/x509/X509.cc:578:7
>     #1 0xd1b632 in file_analysis::X509::ParseCertificate(file_analysis::X509Val*) /scratch/bro-clean/src/file_analysis/analyzer/x509/X509.cc:134:31
>     #2 0xd1a93c in file_analysis::X509::EndOfFile() /scratch/bro-clean/src/file_analysis/analyzer/x509/X509.cc:55:27
>     #3 0xdd5513 in file_analysis::File::EndOfFile() /scratch/bro-clean/src/file_analysis/File.cc:522:10
>     #4 0xdc83e3 in file_analysis::Manager::RemoveFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /scratch/bro-clean/src/file_analysis/Manager.cc:395:2
>     #5 0xbf3287 in binpac::RDP::RDP_Flow::proc_x509_cert_data(binpac::RDP::X509_Cert_Data*) /scratch/bro-clean/build/src/analyzer/protocol/rdp/rdp_pac.cc:3667:3
>     #6 0xbf288e in binpac::RDP::X509_Cert_Data::Parse(unsigned char const*, unsigned char const*, binpac::RDP::ContextRDP*) /scratch/bro-clean/build/src/analyzer/protocol/rdp/rdp_pac.cc:3390:10
>     #7 0xbf15bc in binpac::RDP::X509::Parse(unsigned char const*, unsigned char const*, binpac::RDP::ContextRDP*) /scratch/bro-clean/build/src/analyzer/protocol/rdp/rdp_pac.cc:3316:25
>     #8 0xbefefc in binpac::RDP::Server_Certificate::Parse(unsigned char const*, unsigned char const*, binpac::RDP::ContextRDP*) /scratch/bro-clean/build/src/analyzer/protocol/rdp/rdp_pac.cc:3022:19
>     #9 0xbe897b in binpac::RDP::Server_Security_Data::Parse(unsigned char const*, unsigned char const*, binpac::RDP::ContextRDP*) /scratch/bro-clean/build/src/analyzer/protocol/rdp/rdp_pac.cc:2935:2
>     #10 0xbe664a in binpac::RDP::Data_Block::Parse(unsigned char const*, unsigned char const*, binpac::RDP::ContextRDP*) /scratch/bro-clean/build/src/analyzer/protocol/rdp/rdp_pac.cc:1176:30
>     #11 0xbe57c4 in binpac::RDP::Server_Header::Parse(unsigned char const*, unsigned char const*, binpac::RDP::ContextRDP*) /scratch/bro-clean/build/src/analyzer/protocol/rdp/rdp_pac.cc:2513:31
>     #12 0xbe38a8 in binpac::RDP::DT_Data::Parse(unsigned char const*, unsigned char const*, binpac::RDP::ContextRDP*) /scratch/bro-clean/build/src/analyzer/protocol/rdp/rdp_pac.cc:1010:21
>     #13 0xbe16c7 in binpac::RDP::COTP::Parse(unsigned char const*, unsigned char const*, binpac::RDP::ContextRDP*) /scratch/bro-clean/build/src/analyzer/protocol/rdp/rdp_pac.cc:899:19
>     #14 0xbe10cd in binpac::RDP::TPKT::ParseBuffer(binpac::FlowBuffer*, binpac::RDP::ContextRDP*) /scratch/bro-clean/build/src/analyzer/protocol/rdp/rdp_pac.cc:787:20
>     #15 0xbf3d4b in binpac::RDP::RDP_Flow::NewData(unsigned char const*, unsigned char const*) /scratch/bro-clean/build/src/analyzer/protocol/rdp/rdp_pac.cc:3436:35
>     #16 0xbd9b33 in analyzer::rdp::RDP_Analyzer::DeliverStream(int, unsigned char const*, bool) /scratch/bro-clean/src/analyzer/protocol/rdp/RDP.cc:80:4
>     #17 0xe2506c in analyzer::Analyzer::NextStream(int, unsigned char const*, bool) /scratch/bro-clean/src/analyzer/Analyzer.cc:245:4
>     #18 0xe26530 in analyzer::Analyzer::ForwardStream(int, unsigned char const*, bool) /scratch/bro-clean/src/analyzer/Analyzer.cc:331:4
>     #19 0xce012d in analyzer::tcp::TCP_Reassembler::DeliverBlock(unsigned long, int, unsigned char const*) /scratch/bro-clean/src/analyzer/protocol/tcp/TCP_Reassembler.cc:647:2
>     #20 0xcdfb77 in analyzer::tcp::TCP_Reassembler::BlockInserted(DataBlock*) /scratch/bro-clean/src/analyzer/protocol/tcp/TCP_Reassembler.cc:393:4
>     #21 0xce0a4a in analyzer::tcp::TCP_Reassembler::DataSent(double, unsigned long, int, unsigned char const*, bool) /scratch/bro-clean/src/analyzer/protocol/tcp/TCP_Reassembler.cc:492:2
>     #22 0xcdc26d in analyzer::tcp::TCP_Endpoint::DataSent(double, unsigned long, int, int, unsigned char const*, IP_Hdr const*, tcphdr const*) /scratch/bro-clean/src/analyzer/protocol/tcp/TCP_Endpoint.cc:205:12
>     #23 0xcd6210 in analyzer::tcp::TCP_Analyzer::DeliverData(double, unsigned char const*, int, int, IP_Hdr const*, tcphdr const*, analyzer::tcp::TCP_Endpoint*, unsigned long, int, analyzer::tcp::TCP_Flags) /scratch/bro-clean/src/analyzer/protocol/tcp/TCP.cc:982:9
>     #24 0xcd6210 in analyzer::tcp::TCP_Analyzer::DeliverPacket(int, unsigned char const*, bool, unsigned long, IP_Hdr const*, int) /scratch/bro-clean/src/analyzer/protocol/tcp/TCP.cc:1381
>     #25 0xe24b22 in analyzer::Analyzer::NextPacket(int, unsigned char const*, bool, unsigned long, IP_Hdr const*, int) /scratch/bro-clean/src/analyzer/Analyzer.cc:222:4
>     #26 0x688d9f in Connection::NextPacket(double, int, IP_Hdr const*, int, int, unsigned char const*&, int&, int&, pcap_pkthdr const*, unsigned char const*, int) /scratch/bro-clean/src/Conn.cc:260:3
>     #27 0x858e6f in NetSessions::DoNextPacket(double, pcap_pkthdr const*, IP_Hdr const*, unsigned char const*, int, EncapsulationStack const*) /scratch/bro-clean/src/Sessions.cc:758:2
>     #28 0x85553d in NetSessions::NextPacket(double, pcap_pkthdr const*, unsigned char const*, int) /scratch/bro-clean/src/Sessions.cc:231:3
>     #29 0x7ba30f in net_packet_dispatch(double, pcap_pkthdr const*, unsigned char const*, int, iosource::PktSrc*) /scratch/bro-clean/src/Net.cc:281:2
>     #30 0xda1c1b in iosource::PktSrc::Process() /scratch/bro-clean/src/iosource/PktSrc.cc:423:3
>     #31 0x7ba7bf in net_run() /scratch/bro-clean/src/Net.cc:330:4
>     #32 0x641d9c in main /scratch/bro-clean/src/main.cc:1199:3
>     #33 0x7f3b3edbdb44 in __libc_start_main /tmp/buildd/glibc-2.19/csu/libc-start.c:287
>     #34 0x5ee98c in _start (/scratch/bro-clean/build/src/bro+0x5ee98c)
> {code}

--
This message was sent by Atlassian JIRA
(v7.0.0-OD-02-247#70102)
_______________________________________________
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev