#399: QuteCom Unable to handle too large Numbers
------------------------------------------+-------------------------
 Reporter:  debasishm89                   |      Owner:  Debasish
     Type:  defect                        |     Status:  new
 Priority:  critical                      |  Milestone:  QuteCom 3.0
Component:  Build System                  |    Version:  2.2
 Keywords:  Heap Memory Corruption Issue  |
------------------------------------------+-------------------------
 QuteCom crashes if a phone number of more than 5000 characters is dialed
 from the application.

 To trigger this bug the application must be connected to a VoIP server. I
 have tested this issue on Windows XP SP2 and I have used a TrixBox server as
 the PBX phone system.

 '''As this issue is related to HEAP corruption, it may be an exploitable
 bug and may lead to arbitrary code execution.'''

 Tested with latest stable release:

 [http://trac.qutecom.org/downloads/QuteCom-2.2.1-setup-release.exe]

 WinDbg output after feeding 5000 "A"s (A = "\x41") as a phone number:


 (9b4.f38): Access violation - code c0000005 (!!! second chance !!!)
 eax=41414141 ebx=02d70000 ecx=085d87d8 edx=02d70478 esi=085d87d0 edi=41414141
 eip=7c9111de esp=0b88fb94 ebp=0b88fdb4 iopl=0         nv up ei pl nz na po nc
 cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000202
 ntdll!RtlAllocateHeap+0x567:
 7c9111de 8b10            mov     edx,dword ptr [eax]  ds:0023:41414141=????????


 0:000> r
 eax=41414141 ebx=02d70000 ecx=0860efc0 edx=02d70178 esi=0860efb8 edi=41414141
 eip=7c9111de esp=0111d42c ebp=0111d64c iopl=0         nv up ei pl nz ac pe nc
 cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000216
 ntdll!RtlAllocateHeap+0x567:
 7c9111de 8b10            mov     edx,dword ptr [eax]  ds:0023:41414141=????????


 0:000> u 7c9111de
 ntdll!RtlAllocateHeap+0x567:
 7c9111de 8b10            mov     edx,dword ptr [eax]
 7c9111e0 3b5704          cmp     edx,dword ptr [edi+4]
 7c9111e3 0f858c310200    jne     ntdll!RtlAllocateHeap+0x579 (7c934375)
 7c9111e9 3bd1            cmp     edx,ecx
 7c9111eb 0f8584310200    jne     ntdll!RtlAllocateHeap+0x579 (7c934375)
 7c9111f1 8938            mov     dword ptr [eax],edi
 7c9111f3 894704          mov     dword ptr [edi+4],eax
 7c9111f6 3bf8            cmp     edi,eax

 Thanks

-- 
Ticket URL: <http://qutecom.org/ticket/399>
QuteCom <http://trac.qutecom.org>
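Editor's note on the dump above: the faulting instruction reads through eax inside the free-list handling of RtlAllocateHeap, and both eax and edi hold 0x41414141, i.e. bytes of the dialed string. That is the signature of heap block metadata having been overwritten by an over-long copy, which is why the reporter flags it as more than a plain crash. The fix a maintainer would want is a bound on the dial string before it is ever copied into a heap buffer. The following C is an added illustration written for this page, not QuteCom's code; the 64-byte limit (DIAL_MAX_LEN), the accepted character set and the function names are assumptions, chosen so the vulnerable pattern and its checked replacement can be compared side by side.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

/* Assumed upper bound for a dial string (hypothetical value). E.164 numbers
   are at most 15 digits, so 64 leaves room for prefixes and dial-pad symbols. */
#define DIAL_MAX_LEN 64

/* Result of validating a dial string before it is stored. */
enum dial_status { DIAL_OK = 0, DIAL_EMPTY = 1, DIAL_TOO_LONG = 2, DIAL_BAD_CHAR = 3 };

/* Accept only characters that can appear on a dial pad (assumed set). */
static int dial_char_ok(unsigned char c) {
    return isdigit(c) || c == '+' || c == '*' || c == '#' || c == '-' || c == '.';
}

/* Validate BEFORE any copy. The length scan itself is bounded so a string
   of arbitrary size can never run the validator past DIAL_MAX_LEN + 1 bytes. */
enum dial_status dial_validate(const char *s) {
    size_t n = 0;
    if (s == NULL || s[0] == '\0') return DIAL_EMPTY;
    while (n <= DIAL_MAX_LEN && s[n] != '\0') n++;
    if (n > DIAL_MAX_LEN) return DIAL_TOO_LONG;
    for (size_t i = 0; i < n; i++)
        if (!dial_char_ok((unsigned char)s[i])) return DIAL_BAD_CHAR;
    return DIAL_OK;
}

/* Vulnerable pattern, shown for contrast and never called here: a fixed-size
   heap block filled with an unbounded copy. A 5000-byte number runs past the
   allocation and clobbers the headers of neighbouring heap blocks, which is
   what RtlAllocateHeap later dereferences (eax = 0x41414141 in the dump). */
char *dial_copy_unbounded(const char *s) {
    char *buf = malloc(DIAL_MAX_LEN);
    if (buf) strcpy(buf, s);          /* no length check */
    return buf;
}

/* Checked replacement: validate first, then allocate exactly what is needed.
   Returns NULL and reports why through *st when the input is rejected. */
char *dial_copy_checked(const char *s, enum dial_status *st) {
    enum dial_status r = dial_validate(s);
    if (st) *st = r;
    if (r != DIAL_OK) return NULL;
    size_t n = strlen(s);             /* safe: validated <= DIAL_MAX_LEN */
    char *buf = malloc(n + 1);
    if (buf) memcpy(buf, s, n + 1);
    return buf;
}

/* Builds a constructed input of n copies of c (e.g. the reporter's 5000 'A's),
   runs the validator on it and returns the verdict. */
enum dial_status dial_validate_repeated(char c, size_t n) {
    char *s = malloc(n + 1);
    if (!s) return DIAL_EMPTY;
    memset(s, (unsigned char)c, n);
    s[n] = '\0';
    enum dial_status r = dial_validate(s);
    free(s);
    return r;
}

int main(void) {
    /* Reproduces the ticket's input shape: 5000 'A' characters. */
    printf("5000 x 'A' -> status %d (2 = too long)\n",
           (int)dial_validate_repeated('A', 5000));
    enum dial_status st;
    char *num = dial_copy_checked("+15551234567", &st);
    printf("+15551234567 -> status %d, stored=%s\n", (int)st, num ? num : "(null)");
    free(num);
    return 0;
}
```

The order of checks matters: length is tested before content, so an over-long string is rejected in bounded time without the validator walking the whole input, and the copy that follows can only ever see a string the validator has already measured.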

_______________________________________________
QuteCom-dev mailing list
[email protected]
http://lists.qutecom.org/mailman/listinfo/qutecom-dev