Avoid buffer underflow
Check if requested string is long enough for comparison.

    ==65303==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000013a4d at pc 0x00000043e1cb bp 0x7ffe4e3c09a0 sp 0x7ffe4e3c0140
    READ of size 1 at 0x602000013a4d thread T0
        #0 0x43e1ca in __interceptor_strncasecmp (/home/christian/Coding/workspaces/goaccess/goaccess+0x43e1ca)
        #1 0x5922e0 in verify_static_content /home/christian/Coding/workspaces/goaccess/src/parser.c
        #2 0x5922e0 in is_static /home/christian/Coding/workspaces/goaccess/src/parser.c:1487:10
        #3 0x58ecbc in pre_process_log /home/christian/Coding/workspaces/goaccess/src/parser.c:1775:12
        #4 0x593bd5 in read_line /home/christian/Coding/workspaces/goaccess/src/parser.c:1797:14
        #5 0x593bd5 in read_lines /home/christian/Coding/workspaces/goaccess/src/parser.c:1914:16
        #6 0x593bd5 in read_log /home/christian/Coding/workspaces/goaccess/src/parser.c:2008:7
        #7 0x593bd5 in parse_log /home/christian/Coding/workspaces/goaccess/src/parser.c:2059:9
        #8 0x55c83a in main /home/christian/Coding/workspaces/goaccess/src/goaccess.c:1612:14
        #9 0x7f00dae96e49 in __libc_start_main csu/../csu/libc-start.c:314:16
        #10 0x4289d9 in _start (/home/christian/Coding/workspaces/goaccess/goaccess+0x4289d9)

    0x602000013a4d is located 3 bytes to the left of 3-byte region [0x602000013a50,0x602000013a53)
    allocated by thread T0 here:
        #0 0x4a519d in malloc (/home/christian/Coding/workspaces/goaccess/goaccess+0x4a519d)
        #1 0x61d38a in xmalloc /home/christian/Coding/workspaces/goaccess/src/xmalloc.c:46:14
        #2 0x61d569 in xstrdup /home/christian/Coding/workspaces/goaccess/src/xmalloc.c:58:9
        #3 0x59b1ac in decode_url /home/christian/Coding/workspaces/goaccess/src/parser.c:325:19
        #4 0x59b6a3 in parse_req /home/christian/Coding/workspaces/goaccess/src/parser.c:559:16
        #5 0x5978df in parse_specifier /home/christian/Coding/workspaces/goaccess/src/parser.c:1026:20
        #6 0x5904aa in parse_format /home/christian/Coding/workspaces/goaccess/src/parser.c:1382:18
        #7 0x58dc07 in pre_process_log /home/christian/Coding/workspaces/goaccess/src/parser.c:1743:11
        #8 0x593bd5 in read_line /home/christian/Coding/workspaces/goaccess/src/parser.c:1797:14
        #9 0x593bd5 in read_lines /home/christian/Coding/workspaces/goaccess/src/parser.c:1914:16
        #10 0x593bd5 in read_log /home/christian/Coding/workspaces/goaccess/src/parser.c:2008:7
        #11 0x593bd5 in parse_log /home/christian/Coding/workspaces/goaccess/src/parser.c:2059:9
        #12 0x55c83a in main /home/christian/Coding/workspaces/goaccess/src/goaccess.c:1612:14
        #13 0x7f00dae96e49 in __libc_start_main csu/../csu/libc-start.c:314:16
cgzones committed Sep 10, 2021
1 parent 1ce51ed commit 7ac10de
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/parser.c
Expand Up @@ -454,7 +454,7 @@ verify_static_content (const char *req) {
continue;
}

if (!strncasecmp (nul - elen, ext, elen))
if (nul - req > elen && !strncasecmp (nul - elen, ext, elen))
return 1;
}
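
Review bot: The new guard `nul - req > elen` in the `if` ahead of `strncasecmp` is strict, so a request exactly as long as `ext` is now skipped even though `nul - elen` would equal `req` and the read would stay inside the buffer. If excluding a request that consists only of the extension is intended, a short comment above the condition should say so; otherwise `nul - req >= elen` is the minimal bound that prevents the read before the start of `req` shown in the AddressSanitizer report. The declaration of `elen` is outside this hunk: if it is an unsigned type, the comparison mixes a signed pointer difference with an unsigned length, and a cast or a matching length variable would make that explicit. A regression test that feeds a request shorter than `ext` would keep the out-of-bounds read from coming back.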
