https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14407

            Bug ID: 14407
           Summary: [oss-fuzz] RPC_NETLOGON: Direct-leak in g_malloc
                    (generate_hash_key)
           Product: Wireshark
           Version: Git
          Hardware: x86
                OS: Linux
            Status: UNCONFIRMED
          Severity: Normal
          Priority: Low
         Component: Dissection engine (libwireshark)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: darkjames...@darkjames.pl
  Target Milestone: ---

Created attachment 16113
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16113&action=edit
Sample pcap triggering memleaks

Build Information:
TShark (Wireshark) 2.5.1 (v2.5.1rc0-40-g4be24cfc)

Copyright 1998-2018 Gerald Combs <ger...@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) without libpcap, with GLib 2.42.2, with zlib 1.2.8, without
SMI, without c-ares, without Lua, without GnuTLS, with Gcrypt 1.6.3, without
Kerberos, without GeoIP, without nghttp2, without LZ4, without Snappy, without
libxml2.

Running on Linux 3.17.4-301.fc21.x86_64, with Intel(R) Xeon(R) CPU          
E5530  @ 2.40GHz (with SSE4.2), with 24093 MB of physical memory, with locale
en_US.UTF-8, with Gcrypt 1.6.3, with zlib 1.2.8.

Built using gcc 4.9.2 20150212 (Red Hat 4.9.2-6).
--
A problem was found by the oss-fuzz project:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6028

valgrind log:

==10797== Thread 1:
==10797== 4 bytes in 1 blocks are definitely lost in loss record 6 of 47
==10797==    at 0x4C29C4F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==10797==    by 0xA744405: g_malloc (gmem.c:97)
==10797==    by 0x77372B3: wmem_memdup (wmem_miscutl.c:35)
==10797==    by 0x6CA2B0A: alloc_address_wmem (address.h:159)
==10797==    by 0x6CA2B0A: copy_address_wmem (address.h:277)
==10797==    by 0x6CA2B0A: copy_address (address.h:287)
==10797==    by 0x6CA2B0A: generate_hash_key.constprop.24 (packet-dcerpc-netlogon.c:2402)
==10797==    by 0x6CA316C: dissect_secchan_verf (packet-dcerpc-netlogon.c:7783)
==10797==    by 0x6CC4796: dissect_auth_verf (packet-dcerpc.c:1262)
==10797==    by 0x6CC4796: dissect_dcerpc_cn_auth (packet-dcerpc.c:3880)
==10797==    by 0x6CC9DFB: dissect_dcerpc_cn_rqst (packet-dcerpc.c:4543)
==10797==    by 0x6CC9DFB: dissect_dcerpc_cn (packet-dcerpc.c:5606)
==10797==    by 0x6CCB150: dissect_dcerpc_pdu (packet-dcerpc.c:5808)
==10797==    by 0x72D99AC: tcp_dissect_pdus (packet-tcp.c:3624)
==10797==    by 0x6CC1CEF: dissect_dcerpc_tcp_heur (packet-dcerpc.c:5826)
==10797==    by 0x6A7A4E1: dissector_try_heuristic (packet.c:2686)
==10797==    by 0x72D9F51: decode_tcp_ports (packet-tcp.c:5568)
==10797== 
==10797== 4 bytes in 1 blocks are definitely lost in loss record 7 of 47
==10797==    at 0x4C29C4F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==10797==    by 0xA744405: g_malloc (gmem.c:97)
==10797==    by 0x77372B3: wmem_memdup (wmem_miscutl.c:35)
==10797==    by 0x6CA2CBE: alloc_address_wmem (address.h:159)
==10797==    by 0x6CA2CBE: copy_address_wmem (address.h:277)
==10797==    by 0x6CA2CBE: copy_address (address.h:287)
==10797==    by 0x6CA2CBE: generate_hash_key.constprop.24 (packet-dcerpc-netlogon.c:2403)
==10797==    by 0x6CA316C: dissect_secchan_verf (packet-dcerpc-netlogon.c:7783)
==10797==    by 0x6CC4796: dissect_auth_verf (packet-dcerpc.c:1262)
==10797==    by 0x6CC4796: dissect_dcerpc_cn_auth (packet-dcerpc.c:3880)
==10797==    by 0x6CC9DFB: dissect_dcerpc_cn_rqst (packet-dcerpc.c:4543)
==10797==    by 0x6CC9DFB: dissect_dcerpc_cn (packet-dcerpc.c:5606)
==10797==    by 0x6CCB150: dissect_dcerpc_pdu (packet-dcerpc.c:5808)
==10797==    by 0x72D99AC: tcp_dissect_pdus (packet-tcp.c:3624)
==10797==    by 0x6CC1CEF: dissect_dcerpc_tcp_heur (packet-dcerpc.c:5826)
==10797==    by 0x6A7A4E1: dissector_try_heuristic (packet.c:2686)
==10797==    by 0x72D9F51: decode_tcp_ports (packet-tcp.c:5568)
==10797== 
==10797== LEAK SUMMARY:
==10797==    definitely lost: 8 bytes in 2 blocks

Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs