
SEGV in section_name_cmp at internal.c:125 #22

Open
bladchan opened this issue Sep 16, 2022 · 2 comments

Comments

@bladchan

Describe the bug
A malformed ELF file that leads elf_open_object() to a segmentation fault.
PoC here:
poc5.zip

To Reproduce

  1. Build the whole project with ASAN
  2. Run examples/elfparse
$ ./elfparse ./segv4

Expected behavior
Parse the ELF file without a segmentation fault, because a segmentation fault can cause a Denial of Service (DoS).

Environment (please complete the following information):

  • System and Version : Ubuntu 18.04 + gcc 7.5.0
  • Target file: examples/elfparse
  • libelfmaster commit version: 03b7170

Additional context
ASAN says:

=================================================================
==38155==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000003b8 (pc 0x559f08fb4fcf bp 0x7ffc3e0c5010 sp 0x7ffc3e0c5010 T0)
==38155==The signal is caused by a READ memory access.
==38155==Hint: address points to the zero page.
    #0 0x559f08fb4fce in section_name_cmp /home/ubuntu/some_c_test/libelfmaster/src/internal.c:125
    #1 0x559f08f954f1 in bsearch /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:33
    #2 0x559f08f954f1 in elf_section_by_name /home/ubuntu/some_c_test/libelfmaster/src/libelfmaster.c:1261
    #3 0x559f08f8d1d8 in main /home/ubuntu/some_c_test/libelfmaster/examples/elfparse.c:209
    #4 0x7fee4dc77c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #5 0x559f08f8dc19 in _start (/home/ubuntu/some_c_test/libelfmaster/fuzz/elfparse+0x8c19)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/ubuntu/some_c_test/libelfmaster/src/internal.c:125 in section_name_cmp
==38155==ABORTING
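The trace above shows bsearch() calling the section-name comparator on a pointer near the zero page, i.e. a section name resolved from a crafted section header table was never checked before being dereferenced. The following is an added example, not libelfmaster code and not the reporter's PoC: it builds a constructed three-section ELF64 image in memory (well formed, or deliberately broken in one of two ways), validates e_shoff/e_shnum/e_shentsize, e_shstrndx, the .shstrtab bounds and every sh_name offset before any string is touched, and only then sorts and bsearch()es the names. The function names (section_table, section_name, find_section_index, build_image, lookup_in_image) and the layout constants are this example's own assumptions.

```c
/* Added example, not part of libelfmaster: a section-by-name lookup that
 * validates every offset derived from the file before dereferencing it,
 * so a crafted section header table yields "not found" rather than a SEGV. */
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SECTIONS 64

struct sec_entry { const char *name; uint16_t index; };

/* Return the section header table only if e_shoff/e_shnum/e_shentsize
 * describe a table that lies entirely inside the image; else NULL. */
static const Elf64_Shdr *section_table(const uint8_t *img, size_t len, const Elf64_Ehdr *eh)
{
    if (len < sizeof(*eh) || memcmp(eh->e_ident, ELFMAG, SELFMAG) != 0) return NULL;
    if (eh->e_ident[EI_CLASS] != ELFCLASS64 || eh->e_shentsize != sizeof(Elf64_Shdr)) return NULL;
    if (eh->e_shnum == 0 || eh->e_shoff > len) return NULL;
    if ((size_t)eh->e_shnum * sizeof(Elf64_Shdr) > len - eh->e_shoff) return NULL;
    return (const Elf64_Shdr *)(img + eh->e_shoff);
}

/* Resolve sh_name through .shstrtab. NULL when the string table index, its
 * offset/size, or the name offset is out of range, or the name is unterminated. */
static const char *section_name(const uint8_t *img, size_t len, const Elf64_Ehdr *eh,
                                const Elf64_Shdr *shdrs, const Elf64_Shdr *sh)
{
    if (eh->e_shstrndx == SHN_UNDEF || eh->e_shstrndx >= eh->e_shnum) return NULL;
    const Elf64_Shdr *st = &shdrs[eh->e_shstrndx];
    if (st->sh_type != SHT_STRTAB || st->sh_offset > len || st->sh_size > len - st->sh_offset) return NULL;
    if (sh->sh_name >= st->sh_size) return NULL;
    const char *base = (const char *)img + st->sh_offset + sh->sh_name;
    if (memchr(base, '\0', st->sh_size - sh->sh_name) == NULL) return NULL;
    return base;
}

static int entry_cmp(const void *a, const void *b)
{
    return strcmp(((const struct sec_entry *)a)->name, ((const struct sec_entry *)b)->name);
}

/* Look a section up by name with bsearch() over a pre-validated, sorted name
 * table, so the comparator never sees an unchecked pointer. Returns the
 * section index, or -1 if the name is absent or the file is malformed. */
int find_section_index(const uint8_t *img, size_t len, const char *wanted)
{
    const Elf64_Ehdr *eh = (const Elf64_Ehdr *)img;
    const Elf64_Shdr *shdrs = section_table(img, len, eh);
    if (shdrs == NULL) return -1;
    struct sec_entry table[MAX_SECTIONS];
    size_t n = 0;
    for (uint16_t i = 0; i < eh->e_shnum && n < MAX_SECTIONS; i++) {
        const char *name = section_name(img, len, eh, shdrs, &shdrs[i]);
        if (name == NULL) continue;            /* untrusted entry: skip, never dereference */
        table[n].name = name; table[n].index = i; n++;
    }
    if (n == 0) return -1;
    qsort(table, n, sizeof(table[0]), entry_cmp);
    struct sec_entry key = { wanted, 0 };
    const struct sec_entry *hit = bsearch(&key, table, n, sizeof(table[0]), entry_cmp);
    return hit ? (int)hit->index : -1;
}

/* Constructed test image: ELF header, .shstrtab contents, then three section
 * headers (NULL, .text, .shstrtab). mode 0: well formed; mode 1: e_shstrndx
 * points past the section table; mode 2: .text's sh_name points far past the
 * end of .shstrtab (a constructed value, not taken from the reporter's file). */
size_t build_image(uint8_t *buf, int mode)
{
    static const char strtab[] = "\0.text\0.shstrtab";   /* 17 bytes incl. final NUL */
    const size_t strtab_off = sizeof(Elf64_Ehdr), sh_off = 88;
    const size_t total = sh_off + 3 * sizeof(Elf64_Shdr);
    memset(buf, 0, total);
    Elf64_Ehdr *eh = (Elf64_Ehdr *)buf;
    memcpy(eh->e_ident, ELFMAG, SELFMAG);
    eh->e_ident[EI_CLASS] = ELFCLASS64;
    eh->e_ident[EI_DATA] = ELFDATA2LSB;
    eh->e_type = ET_REL; eh->e_machine = EM_X86_64; eh->e_version = EV_CURRENT;
    eh->e_ehsize = sizeof(Elf64_Ehdr); eh->e_shentsize = sizeof(Elf64_Shdr);
    eh->e_shoff = sh_off; eh->e_shnum = 3; eh->e_shstrndx = (mode == 1) ? 7 : 2;
    memcpy(buf + strtab_off, strtab, sizeof strtab);
    Elf64_Shdr *sh = (Elf64_Shdr *)(buf + sh_off);
    sh[1].sh_name = (mode == 2) ? 0x1000 : 1; sh[1].sh_type = SHT_PROGBITS;
    sh[2].sh_name = 7; sh[2].sh_type = SHT_STRTAB;
    sh[2].sh_offset = strtab_off; sh[2].sh_size = sizeof strtab;
    return total;
}

/* Build an image in the given mode and look up one name in it. */
int lookup_in_image(int mode, const char *wanted)
{
    uint8_t img[512];
    size_t len = build_image(img, mode);
    return find_section_index(img, len, wanted);
}

int main(void)
{
    for (int mode = 0; mode < 3; mode++)
        printf("mode %d: .text -> %d, .shstrtab -> %d\n", mode,
               lookup_in_image(mode, ".text"), lookup_in_image(mode, ".shstrtab"));
    return 0;
}
```

Validating the header table and string table once at load time, before building the name index, is the property worth carrying into any parser exposed to untrusted input: the comparator that bsearch() calls has no way to report an error, so the only safe place to reject a bad sh_name is before it ever becomes a pointer.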
@elfmaster (Owner)

Thank you. I will look into fixing these. Are you using the library for anything in particular?

@bladchan (Author)

Nope, I was just fuzzing it. It seems that there are some bugs in examples/elfparse.c. When provided with a correctly formatted ELF file, the parser seems to work normally. But when provided with a crafted ELF file, the parser will be corrupted due to memory issues. In total: 1 heap overflow, 12 SEGVs, 1 bad free, 1 floating point exception, and 3 unknown crashes. If you need these PoCs, I'll organize and upload them.
