|
Message-ID: <CAG8b5tTFV3cziyLRuwDpV=DrhwQtOp6D_n=BH4_mYvLc3cKC+g@mail.gmail.com> Date: Fri, 11 Jan 2019 23:44:28 +0530 From: Dhiraj Mishra <mishra.dhiraj95@...il.com> To: oss-security@...ts.openwall.com Subject: SEGV in libIEC61850 protocol Hi List, ## Summary: An issue has been found in libIEC61850 v1.3.1. Ethernet_setProtocolFilter in hal/ethernet/linux/ethernet_linux.c has a SEGV, as demonstrated by sv_subscriber_example.c and sv_subscriber.c. ## Snip code from sv_subscriber.c#L186 Thread_start(thread); } else { if (DEBUG_SV_SUBSCRIBER) printf("SV_SUBSCRIBER: Starting SV receiver failed for interface %s\n", self->interfaceId); } } ## Memory leak: Using interface eth0 Error creating raw socket! ASAN:DEADLYSIGNAL ==1403==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000000a (pc 0x55b5675c1284 bp 0x7f92623fee30 sp 0x7f92623fee20 T1) ==1403==The signal is caused by a WRITE memory access. ==1403==Hint: address points to the zero page. #0 0x55b5675c1283 in Ethernet_setProtocolFilter /home/input0/Desktop/libiec61850/hal/ethernet/linux/ethernet_linux.c:209 #1 0x55b5675ba75f in SVReceiver_startThreadless /home/input0/Desktop/libiec61850/src/sampled_values/sv_subscriber.c:232 #2 0x55b5675ba3b7 in svReceiverLoop /home/input0/Desktop/libiec61850/src/sampled_values/sv_subscriber.c:163 #3 0x55b5675c1720 in destroyAutomaticThread /home/input0/Desktop/libiec61850/hal/thread/linux/thread_linux.c:90 #4 0x7f9265c976da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da) #5 0x7f92659c088e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x12188e) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /home/input0/Desktop/libiec61850/hal/ethernet/linux/ethernet_linux.c:209 in Ethernet_setProtocolFilter Thread T1 created by T0 here: #0 0x7f9265ee6d2f in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d2f) #1 0x55b5675c17ab in Thread_start /home/input0/Desktop/libiec61850/hal/thread/linux/thread_linux.c:101 #2 0x55b5675ba49a in SVReceiver_start /home/input0/Desktop/libiec61850/src/sampled_values/sv_subscriber.c:186 #3 0x55b5675b9eec in main /home/input0/Desktop/libiec61850/examples/sv_subscriber/sv_subscriber_example.c:76 #4 0x7f92658c0b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96) ==1403==ABORTING Later CVE-2019-6136 was assigned to this. Thank you @mishradhiraj_
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.