Re: [Rpm-maint] [rpm-software-management/rpm] stack buffer overflow in glob/rpmGlob - rpm 4.13.0.1 (#156)

2017-02-17 Thread Hanno Böck
What do you mean? I've attached the reproducer; it shows up if I run "./rpm -i rpm-stackoverflow-glob.rpm". As said, not with the latest git code, but with the latest release.

Re: [Rpm-maint] [rpm-software-management/rpm] invalid memory read in rstreqn / rpmdsNewPool (#137)

2017-02-17 Thread Hanno Böck
Update: Still unfixed in 4.13.0.1. View it on GitHub: https://github.com/rpm-software-management/rpm/issues/137#issuecomment-280618289

[Rpm-maint] [rpm-software-management/rpm] stack buffer overflow in glob/rpmGlob - rpm 4.13.0.1 (#156)

2017-02-17 Thread Hanno Böck
This does not affect the current git head code, but it affects the release 4.13.0.1. It's been reported before to the red hat security team and publicly here: https://blog.fuzzing-project.org/52-Multiple-vulnerabilities-in-RPM-and-a-rant.html [rpm-stackoverflow-glob.zip](https://github.com/rpm-s

[Rpm-maint] [rpm-software-management/rpm] rpmkeys out of bounds read in pgpPrtSig, rpmpgp.c:633 (#151)

2017-02-08 Thread Hanno Böck
The attached file causes an out of bounds read in pgpPrtSig. This is a different bug from #149, although it's in the same function. [oob-heap-pgpPrtSig-rpmpgp-633.zip](https://github.com/rpm-software-management/rpm/files/762089/oob-heap-pgpPrtSig-rpmpgp-633.zip) Here's the asan output: ``` ==1069

[Rpm-maint] [rpm-software-management/rpm] rpmkeys out of bound heap read in pgpPrtSig, rpmpgp.c:533 (#149)

2017-02-07 Thread Hanno Böck
The attached file triggers an out of bounds heap read in rpmkeys -K. [rpmkeys-heap-oob-pgpPrtSig-rpmpgp-533.zip](https://github.com/rpm-software-management/rpm/files/757347/rpmkeys-heap-oob-pgpPrtSig-rpmpgp-533.zip) asan error with current git (you get more meaningful ones with ASAN_OPTIONS="fas

Re: [Rpm-maint] [rpm-software-management/rpm] rpmkeys out of bounds heap read in pgpPrtSubType, rpmpgp.c line 444 (#148)

2017-02-07 Thread Hanno Böck
Just for completeness: Here's a different file triggering an out of bounds a few lines earlier. It seems it is fixed by the same commit (sidenote: I think it'd be a good idea to have regression tests with all the fuzzed files that triggered bugs). [rpmkeys-oob-heap-pgpPrtSubType-rpmpgp-427.zip]

[Rpm-maint] [rpm-software-management/rpm] rpmkeys out of bounds heap read in pgpPrtSubType, rpmpgp.c line 444 (#148)

2017-02-06 Thread Hanno Böck
The attached file will cause an out of bounds heap read in "rpmkeys -K". [rpmkeys-pgpPrtSubType-rpmpgp-444.zip](https://github.com/rpm-software-management/rpm/files/755884/rpmkeys-pgpPrtSubType-rpmpgp-444.zip) Here's the address sanitizer output: ``` ==15315==ERROR: AddressSanitizer: heap-buffer-

Re: [Rpm-maint] [rpm-software-management/rpm] Invalid free / double free in readFile() / rpmkeys pre signature check (#147)

2017-02-03 Thread Hanno Böck
Sorry, I simply forgot to attach the files; here they are. [pocfiles.zip](https://github.com/rpm-software-management/rpm/files/750137/pocfiles.zip)

[Rpm-maint] [rpm-software-management/rpm] Invalid free / double free in readFile() / rpmkeys pre signature check (#147)

2017-02-02 Thread Hanno Böck
The attached files will cause an invalid free or double free. As they're both in the same code line I assume it's the same bug in different variations. This only affects the git code, not the latest release (otherwise I wouldn't have reported it to a public bug tracker). This is obviously a very

Re: [Rpm-maint] [rpm-software-management/rpm] heap out of bounds read in copyTdEntry() (#133)

2017-02-02 Thread Hanno Böck
> Also it's perhaps worth pointing out that none of the packages in the series
> crash nor pass through 'rpm -K' verification.

Maybe a bit off-topic here, but I noted that the "-K" parameter no longer works in the current git code. Is this intentional? (and if yes: why?) Because I specifically w

[Rpm-maint] [rpm-software-management/rpm] heap out of bounds read in rpmfilesFDepends() (#139)

2017-01-28 Thread Hanno Böck
The attached file causes an out of bounds heap read. [rpm-heap-oob-rpmfilesFDepends.zip](https://github.com/rpm-software-management/rpm/files/736812/rpm-heap-oob-rpmfilesFDepends.zip) asan error: ``` ==27195==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602011d0 at pc 0x005

[Rpm-maint] [rpm-software-management/rpm] invalid read in dataLength / grabData (header.c) (#138)

2017-01-28 Thread Hanno Böck
The attached file causes an invalid memory read access. [rpm-invalidread-dataLength-grabData.zip](https://github.com/rpm-software-management/rpm/files/736811/rpm-invalidread-dataLength-grabData.zip) asan error: ``` ==16740==ERROR: AddressSanitizer: SEGV on unknown address 0x (pc 0x7fd

[Rpm-maint] [rpm-software-management/rpm] invalid memory read in rstreqn / rpmdsNewPool (#137)

2017-01-28 Thread Hanno Böck
The attached file causes an invalid memory read access with rpm -i --test. [rpm-invalidread-rpmdsNewPool-rstreqn.zip](https://github.com/rpm-software-management/rpm/files/736808/rpm-invalidread-rpmdsNewPool-rstreqn.zip) asan error: ``` ==5681==ERROR: AddressSanitizer: SEGV on unknown address 0x00

[Rpm-maint] [rpm-software-management/rpm] invalid memory read in function providePackageNVR / doFind (#136)

2017-01-28 Thread Hanno Böck
This file causes a read access to an invalid memory area. [rpm-invalid-read-doFind-providePackageNVR.zip](https://github.com/rpm-software-management/rpm/files/736804/rpm-invalid-read-doFind-providePackageNVR.zip) asan error: ``` ==10120==ERROR: AddressSanitizer: SEGV on unknown address 0x

Re: [Rpm-maint] [rpm-software-management/rpm] out of bounds heap read in rpmstrPoolId / rstrlenhash (#135)

2017-01-28 Thread Hanno Böck
I'm attaching another file, this creates a use after free, but it's in the same line of code, so I assume it's a variation of the same bug. [rpm-useafterfree-rstrlenhash-rpmstrPoolId.zip](https://github.com/rpm-software-management/rpm/files/736803/rpm-useafterfree-rstrlenhash-rpmstrPoolId.zip) ``

[Rpm-maint] [rpm-software-management/rpm] out of bounds heap read in rpmstrPoolId / rstrlenhash (#135)

2017-01-28 Thread Hanno Böck
The attached file will cause an out of bounds memory read in rpm (tested with rpm -i --test [input]). [rpm-oob-heap-read-rstrlenhash-rpmstrPoolId.zip](https://github.com/rpm-software-management/rpm/files/736801/rpm-oob-heap-read-rstrlenhash-rpmstrPoolId.zip) Found with american fuzzy lop and add

[Rpm-maint] [rpm-software-management/rpm] heap out of bounds read in copyTdEntry() (#133)

2017-01-25 Thread Hanno Böck
The attached file will cause an out of bounds heap read access when passed to rpm (tested with rpm -i --test [input]). Found with american fuzzy lop and address sanitizer. [oob-heap-copyTdEntry.zip](https://github.com/rpm-software-management/rpm/files/729923/oob-heap-copyTdEntry.zip) Stack trac