Re: [CVE-2017-11109] Reduced samples and patch

Bram Moolenaar Tue, 11 Jul 2017 06:12:36 -0700

Dominique wrote:

> Bram Moolenaar <b...@moolenaar.net> wrote:
> 
> > James McCoy wrote:
> >
> >> A few issues were reported on RedHat's bug tracker[0] which have been
> >> assigned CVE-2017-11109.  I took an initial look at them and reduced the
> >> fuzzer-created scripts so they're clearer (especially for POC2).
> >>
> >> [0]: https://bugzilla.redhat.com/show_bug.cgi?id=1468492
> >>
> >> I've also attached a patch that resolves the issue for POC1.  Below are
> >> the ASAN tracebacks for each issue, all using 8.0.0702.
> >
> > I think I fixed POC1, however for POC2 and POC3 I can't really
> > see what the problem is.  Perhaps it requires ASAN, valgrind won't be
> > sufficient?
> 
> I can reproduce the errors with POC2 and POC3 with valgrind
> using:
> 
> valgrind vim -u NONE -e -s -S POC2 -c ':qa!'
> valgrind vim -u NONE -e -s -S POC3 -c ':qa!'


Aha, it's apparently essential to use Ex mode.

> But if you want to use asan,  both gcc and clang have had
> asan for quite a while now.  All that is needed to use asan is to
> compile and link vim with  -fsanitize=address  and then run vim
> normally.  One way is to uncomment out this line in vim/src/Makefile
> to compile vim with asan:
> 
> #SANITIZER_CFLAGS = -g -O0 -fsanitize=address -fno-omit-frame-pointer
> 
> Anyway, asan is not needed in the cases of POC2 or POC3.
> Asan was needed for POC1, but this one has been fixed
> already.

Yep.

-- 
hundred-and-one symptoms of being an internet addict:
137. You decide to stay in college for an additional year or two,
     just so you can have the free Internet access.

 /// Bram Moolenaar -- b...@moolenaar.net -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\  an exciting new programming language -- http://www.Zimbu.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///

-- 
-- 
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php

--- 
You received this message because you are subscribed to the Google Groups 
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to vim_dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [CVE-2017-11109] Reduced samples and patch

Raspunde prin e-mail lui