
[lwip-commits] [SCM] lwIP - A Lightweight TCPIP stack branch, master, up


From: Simon Goldschmidt
Subject: [lwip-commits] [SCM] lwIP - A Lightweight TCPIP stack branch, master, updated. STABLE-2_1_0_RELEASE-559-gd8d1e4a0
Date: Fri, 7 Apr 2023 16:33:17 -0400 (EDT)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "lwIP - A Lightweight TCPIP stack".

The branch, master has been updated
       via  d8d1e4a0150180bc88cc14dbe17565976780bb85 (commit)
       via  95a63bc352aedf4ef73becbce8c9be53e765b17c (commit)
       via  e8b0324f8165fdf878ec969db1c57f2667aeda20 (commit)
      from  0f2de1f684615e62b1ecb7f0dcf11426b964b9f2 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d8d1e4a0150180bc88cc14dbe17565976780bb85
Author: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Date:   Fri Apr 7 15:03:19 2023 +0200

    altcp: Fix NULL pointer dereference found by fuzzing
    
    Reproducer (in bash):
    
    base64 -d <<< "H4sIAP/9L2QCA+3WoQ2AMBSE4QoCTFHBBJfgSRF4RDfpRmgmYBpGQRBCk4ZiSfk/+fJMK+5dZRVpzSQzSs6oPierDV4y87WxLQLwE42SfNCdDyHJB9/xZwAARPbMJbUq4JJmu4JVT1cAAACfbGIqoqcMzy90eu+aBw2+N28WFgAA" | gunzip | test/fuzz/lwip_fuzz2
    
    Crash log:
    
    ../../src/core/altcp_tcp.c:178:13: runtime error: member access within null pointer of type 'struct tcp_pcb'
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../src/core/altcp_tcp.c:178:13 in
    AddressSanitizer:DEADLYSIGNAL
    =================================================================
    ==192415==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000048 (pc 0x557065081703 bp 0x0aae0cb71204 sp 0x7ffd034dabc0 T0)
    ==192415==The signal is caused by a READ memory access.
    ==192415==Hint: address points to the zero page.
        #0 0x557065081703 in altcp_tcp_setup_callbacks /.../lwip/test/fuzz/../../src/core/altcp_tcp.c:178:19
        #1 0x55706508206f in altcp_tcp_setup /.../lwip/test/fuzz/../../src/core/altcp_tcp.c:189:3
        #2 0x55706508206f in altcp_tcp_accept /.../lwip/test/fuzz/../../src/core/altcp_tcp.c:84:5
        #3 0x557065095592 in tcp_input /.../lwip/test/fuzz/../../src/core/tcp_in.c:380:9
        #4 0x5570650e752f in ip4_input /.../lwip/test/fuzz/../../src/core/ipv4/ip4.c:743:9
        #5 0x55706513d4de in ethernet_input /.../lwip/test/fuzz/../../src/netif/ethernet.c:186:9
        #6 0x557064fe0959 in input_pkt /.../lwip/test/fuzz/fuzz_common.c:209:9
        #7 0x557064fdeb6a in input_pkts /.../lwip/test/fuzz/fuzz_common.c:257:9
        #8 0x557064fdeb6a in lwip_fuzztest /.../lwip/test/fuzz/fuzz_common.c:669:3
        #9 0x7ff4f578e189 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
        #10 0x7ff4f578e244 in __libc_start_main csu/../csu/libc-start.c:381:3
        #11 0x557064f20420 in _start (/.../lwip/test/fuzz/lwip_fuzz2+0x81420) (BuildId: 8680a96430d5749c90111fe9c3a3d4f881a5dbcd)
    
    AddressSanitizer can not provide additional info.
    SUMMARY: AddressSanitizer: SEGV /.../lwip/test/fuzz/../../src/core/altcp_tcp.c:178:19 in altcp_tcp_setup_callbacks
    ==192415==ABORTING
    Aborted

commit 95a63bc352aedf4ef73becbce8c9be53e765b17c
Author: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Date:   Thu Apr 6 16:37:52 2023 +0200

    test/fuzz: Use HTTPS URLs and mention AFL++

commit e8b0324f8165fdf878ec969db1c57f2667aeda20
Author: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Date:   Thu Apr 6 15:58:46 2023 +0200

    test/fuzz: Don't crash with assertion failure when a packet is too big
    
    A fuzzer may generate big packets, and it will interpret assertion
    failures as bugs. Instead of asserting that the packet size is
    reasonable, simply skip the packet when it's not the case.

-----------------------------------------------------------------------

Summary of changes:
 src/core/altcp_tcp.c    | 2 +-
 test/fuzz/README        | 3 ++-
 test/fuzz/fuzz_common.c | 6 +++++-
 3 files changed, 8 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
lwIP - A Lightweight TCPIP stack


