author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-05-08 11:46:46 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-05-08 11:46:46 +0200 |
commit | b65a755e8569d428732f54bc72f7da3ffb94a3ff (patch) | |
tree | 27c295cf80940d34195c6d054e72e65f7ba8c8ac /tests/cfgs/ip_lists_disable | |
parent | 7c6910d9e5d5b08a164a22db5db9969e20cbc232 (diff) |
Fix a memory access error and some leaks (#2425)
```
SCARINESS: 12 (1-byte-read-heap-buffer-overflow)
#0 0x557f3a5b5100 in ndpi_get_host_domain /src/ndpi/src/lib/ndpi_domains.c:158:8
#1 0x557f3a59b561 in ndpi_check_dga_name /src/ndpi/src/lib/ndpi_main.c:10412:17
#2 0x557f3a51163a in process_chlo /src/ndpi/src/lib/protocols/quic.c:1467:7
#3 0x557f3a469f4b in LLVMFuzzerTestOneInput /src/ndpi/fuzz/fuzz_quic_get_crypto_data.c:44:7
#4 0x557f3a46abc8 in NaloFuzzerTestOneInput (/out/fuzz_quic_get_crypto_data+0x4cfbc8)
```
Some notes about the leak: if the insertion into the uthash fails (because of an
allocation failure), we need to free the just-allocated entry. But the only
way to check if the `HASH_ADD_*` failed is to perform a new lookup: a bit
costly, but we don't use that code in the fast-path.
See also efb261a95c5a
Credits for finding the issues to Philippe Antoine (@catenacyber) and his
`nallocfuzz` fuzzing engine.
See: https://github.com/catenacyber/nallocfuzz
See: https://github.com/google/oss-fuzz/pull/9902
Diffstat (limited to 'tests/cfgs/ip_lists_disable')
0 files changed, 0 insertions, 0 deletions
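The commit message describes a pattern worth seeing end to end: `HASH_ADD_*` reports no status, so the only way to learn that an insertion failed under allocation pressure is a second lookup, after which the freshly allocated entry must be freed. The following is an added illustration written for this page, not nDPI's code and not uthash itself: a hypothetical minimal chained hash table whose `table_add()` mimics uthash's void-add convention (an entry is silently left unlinked on OOM), plus a fault-injecting `xmalloc()` standing in for what an allocation-failure fuzzer such as `nallocfuzz` does. `insert_leaky()` trusts the add; `insert_checked()` applies the re-lookup fix. A live-allocation counter makes the leak visible.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Fault-injecting allocator (hypothetical stand-in for nallocfuzz):
 * allocs_until_fail counts down on each successful xmalloc(); when it hits 0
 * the next xmalloc() returns NULL (-1 disables injection). live_allocs counts
 * outstanding blocks, so a leak shows up as a non-zero value after teardown.
 */
static int allocs_until_fail = -1;
static int live_allocs = 0;

static void *xmalloc(size_t n) {
    if (allocs_until_fail == 0) return NULL;
    if (allocs_until_fail > 0) allocs_until_fail--;
    void *p = malloc(n);
    if (p) live_allocs++;
    return p;
}

static void xfree(void *p) {
    if (p) { live_allocs--; free(p); }
}

/* Minimal chained hash table (hypothetical stand-in for uthash). */
#define NBUCKETS 16
struct entry { char key[64]; int value; };
struct node  { struct entry *e; struct node *next; };
struct table { struct node **buckets; };   /* allocated lazily on first add */

static unsigned hash_key(const char *k) {
    unsigned h = 5381;
    while (*k) h = h * 33 + (unsigned char)*k++;
    return h % NBUCKETS;
}

/* Like HASH_ADD_*: returns nothing. On allocation failure the entry is simply
   not linked in and the caller is not told. */
static void table_add(struct table *t, struct entry *e) {
    if (!t->buckets) {
        t->buckets = xmalloc(NBUCKETS * sizeof *t->buckets);
        if (!t->buckets) return;
        memset(t->buckets, 0, NBUCKETS * sizeof *t->buckets);
    }
    struct node *n = xmalloc(sizeof *n);
    if (!n) return;
    unsigned b = hash_key(e->key);
    n->e = e;
    n->next = t->buckets[b];
    t->buckets[b] = n;
}

static struct entry *table_find(const struct table *t, const char *key) {
    if (!t->buckets) return NULL;
    for (struct node *n = t->buckets[hash_key(key)]; n; n = n->next)
        if (strcmp(n->e->key, key) == 0) return n->e;
    return NULL;
}

static void table_free(struct table *t) {
    if (!t->buckets) return;
    for (int b = 0; b < NBUCKETS; b++) {
        struct node *n = t->buckets[b];
        while (n) { struct node *next = n->next; xfree(n->e); xfree(n); n = next; }
    }
    xfree(t->buckets);
    t->buckets = NULL;
}

static struct entry *new_entry(const char *key, int value) {
    struct entry *e = xmalloc(sizeof *e);
    if (!e) return NULL;
    snprintf(e->key, sizeof e->key, "%s", key);
    e->value = value;
    return e;
}

/* Leaky pattern: trusts the add and reports success unconditionally. */
static int insert_leaky(struct table *t, const char *key, int value) {
    struct entry *e = new_entry(key, value);
    if (!e) return 0;
    table_add(t, e);
    return 1;
}

/* Fixed pattern from the commit message: re-lookup to learn whether the add
   really happened, and free the just-allocated entry if it did not. */
static int insert_checked(struct table *t, const char *key, int value) {
    struct entry *e = new_entry(key, value);
    if (!e) return 0;
    table_add(t, e);
    if (table_find(t, key) != e) {   /* the add silently failed */
        xfree(e);
        return 0;
    }
    return 1;
}

typedef int (*insert_fn)(struct table *, const char *, int);

/* One insert with the (fail_at+1)-th allocation forced to fail; returns the
   insert's status and stores the number of leaked blocks in *leaked. */
static int run_scenario(insert_fn insert, int fail_at, int *leaked) {
    struct table t = { NULL };
    live_allocs = 0;
    allocs_until_fail = fail_at;
    int rc = insert(&t, "example.com", 1);   /* constructed sample key */
    allocs_until_fail = -1;
    table_free(&t);
    *leaked = live_allocs;
    return rc;
}

static int scenario_status(insert_fn insert, int fail_at) { int l; return run_scenario(insert, fail_at, &l); }
static int scenario_leaks(insert_fn insert, int fail_at)  { int l; run_scenario(insert, fail_at, &l); return l; }

int main(void) {
    /* Allocation order per insert: 1 = entry, 2 = bucket array, 3 = node; 4 never happens. */
    for (int fail_at = 0; fail_at <= 3; fail_at++)
        printf("fail allocation #%d: leaky leaks %d block(s), checked leaks %d block(s)\n",
               fail_at + 1, scenario_leaks(insert_leaky, fail_at),
               scenario_leaks(insert_checked, fail_at));
    return 0;
}
```

Failing the bucket-array or node allocation leaves `insert_leaky()` reporting success while one block stays live after teardown; `insert_checked()` reports failure and leaves nothing behind. The extra lookup costs one hash and a bucket walk per insert, which is why the commit keeps it off the fast path.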