
Buffer overflow from input anywhere in machine, hangs machine. #165

Open
justinmarma opened this issue Jan 17, 2017 · 11 comments
@justinmarma

justinmarma commented Jan 17, 2017

Below is a linked image of the POC; the system is hung.

@amanuel2
Member

That is because the get_opt function uses str_t as the type of the string provided, which has a maximum buffer of 200. @Fortunate-MAN will fix this as soon as I add the memory manager and get it to char*.

Note for @Fortunate-MAN :

I know in some places I do for(int i=0; i<200; i++) str_t_instance[i]=0; to clear out the buffer; don't forget to change those to fix this problem after I get the memory manager working.

@double-fault
Member

@justinmarma Can you give the exact steps to reproduce this problem on another computer? I would need information like which OS you are running, whether you are running the latest build or v0.0.1, what commands you are running before you run the OS, or whether it happens if you just start the OS.

Also, as per the image you have given, it looks like you are running an old version, so please get the Nightly Build from bintray or compile from source and run it.

@amanuel2
Member

@Fortunate-MAN v0.0.1 or v0.0.2? I released the second version yesterday.

@justinmarma
Author

@Fortunate-MAN The bug exists in v0.0.2 too. I'm running the OS in VirtualBox and I showed above that it happens when the input exceeds the buffer length.

The buffer length is 200 and the BOF happens around 56 extra bytes relative to the end of the buffer.

This can be reproduced by creating a script or program to produce 200 chars and add the variable length to it, then pasting it into the console if you use VBox.

@double-fault
Member

@justinmarma No repro on this one either. I'm running QEMU on Ubuntu 14.04 and nothing much happened even after I entered way more than 200 chars. @amanuel2 can you repro this issue?

[screenshot attachment: selection_143]

@amanuel2
Member

Same here, I can't reproduce this, but when you press enter the big crash happens.

@justinmarma
Author

@amanuel2 @Fortunate-MAN The larger the input the more memory gets corrupted, the "big crash" is the buffer overflow and subsequent crash, so you are in fact reproducing the error, you're just not getting the same error I got because of the insane amount of chars you entered.

@justinmarma
Author

Fresh Crash screenshot :) :) :) :)

@amanuel2 amanuel2 reopened this Jan 19, 2017
@double-fault
Member

@justinmarma so you're saying that the crash happens after you press enter like @amanuel2 said?

@double-fault
Member

@justinmarma please reply.

@justinmarma
Author

justinmarma commented Jan 22, 2017

@Fortunate-MAN Yes, the BOF can only happen if a large amount of data is written into a buffer smaller than the input, which doesn't happen until one presses "enter" and it's written to the buffer. I think the BOF is in str_t but I may be wrong.
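The bounded-buffer fix the thread discusses, as an added C example that is not the project's code: the str_t layout and function names are assumptions, since the page only states the 200-character limit; the rejection path is what keeps an oversized line (200 plus the ~56 extra bytes in the report) from touching adjacent memory.

```c
#include <stddef.h>
#include <string.h>

/* Assumed layout: the thread only says str_t holds at most 200 characters. */
#define STR_T_CAP 200

typedef struct {
    char data[STR_T_CAP];   /* not NUL-terminated; len tracks valid bytes */
    size_t len;
} str_t;

/* Replaces the ad-hoc for(i<200) zeroing loop mentioned in the thread. */
void str_t_clear(str_t *s) {
    memset(s->data, 0, sizeof s->data);
    s->len = 0;
}

/* Copy a whole line (what happens on "enter"). Returns 0 on success,
   -1 if the line would not fit; on failure the buffer is left untouched
   so the caller can report "input too long" instead of corrupting memory. */
int str_t_set_line(str_t *s, const char *input, size_t n) {
    if (n > STR_T_CAP) return -1;
    str_t_clear(s);
    memcpy(s->data, input, n);
    s->len = n;
    return 0;
}

/* Incremental variant for a console that stores keystrokes as they arrive:
   refuse the character (rather than overflow) once the buffer is full. */
int str_t_push(str_t *s, char c) {
    if (s->len >= STR_T_CAP) return -1;
    s->data[s->len++] = c;
    return 0;
}

/* Constructed check: a 200-char line fits, a 256-char line is rejected
   and the previously stored 200 bytes remain intact. Returns s.len (200). */
int demo_oversized_line(void) {
    char line[256];
    memset(line, 'A', sizeof line);
    str_t s;
    str_t_clear(&s);
    if (str_t_set_line(&s, line, STR_T_CAP) != 0) return -1;
    if (str_t_set_line(&s, line, sizeof line) != -1) return -2;
    return (int)s.len;
}
```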
