Re: [hatari-devel] Buffer overflow in Paths_Init()
- To: hatari-devel@xxxxxxxxxxxxxxxxxxx
- Subject: Re: [hatari-devel] Buffer overflow in Paths_Init()
- From: Christian Zietz <czietz@xxxxxxx>
- Date: Fri, 18 Jan 2019 08:28:16 +0100
- Openpgp: preference=signencrypt
Eero Tamminen wrote:
> I've always thought Linux has better / more accessible ones, but
> strangely enough e.g. Valgrind doesn't complain about this.
>
> Or did you mean that heap debugging is enabled by default?
>
> (Glibc has some heap corruption checks always enabled, and Linux
> distros enable by default some GCC checks for all packages, but
> these are pretty lightweight.)
As Thomas pointed out, there probably is no actual buffer overflow with
Linux, which is why runtime corruption checks (like Windows probably
also does) will not detect this fault. A good static code analysis tool
could probably find out that File_MakeAbsoluteName does a strcpy from a
potentially bigger buffer into a smaller one.
> Attached is a patch for you to test.
Sorry, but I don't have the build environment to compile Hatari from
source code. I have, however, verified by patching the binary with a
hex-editor that the crash goes away if I increase the memory allocated
for sDataDir. Therefore, I'm confident your patch will work as well.
Regards
Christian
--
Christian Zietz - CHZ-Soft - czietz@xxxxxxx
WWW: http://www.chzsoft.de/
PGP/GnuPG-Key-ID: 0x52CB97F66DA025CA / 0x6DA025CA
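The unbounded copy the thread describes, next to a size-checked version that fails cleanly instead of writing past the destination, as an added C example that is neither Hatari's code nor from anyone in the thread. File_MakeAbsoluteName's real signature and the size of sDataDir are not shown here, so the function names, parameters and path values below are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-in for Hatari's File_MakeAbsoluteName(): the real
 * signature and the size of sDataDir are not shown in the thread, so the
 * names and sizes here are assumptions used only for illustration. */

/* The pattern the thread describes: strcpy/strcat from a source that may be
 * longer than dst, with no size information. Whether this crashes depends on
 * what sits after dst in memory, so it can go unnoticed on one platform. */
void make_absolute_name_unchecked(char *dst, const char *cwd, const char *name)
{
    strcpy(dst, cwd);  /* writes strlen(cwd)+1 bytes whatever dst can hold */
    strcat(dst, "/");
    strcat(dst, name);
}

/* Hardened variant: dst_size is an explicit parameter and the function
 * refuses to build a path that would not fit. Returns 0 on success,
 * -1 (with dst set to "") when cwd + "/" + name + NUL exceeds dst_size. */
int make_absolute_name_checked(char *dst, size_t dst_size,
                               const char *cwd, const char *name)
{
    size_t need = strlen(cwd) + 1 + strlen(name) + 1;
    if (dst_size == 0)
        return -1;
    if (need > dst_size) {
        dst[0] = '\0';
        return -1;
    }
    snprintf(dst, dst_size, "%s/%s", cwd, name); /* bounded; cannot truncate here */
    return 0;
}

/* Allocate exactly `alloc` bytes (as an undersized sDataDir would) and
 * try the checked builder: 0 = fits and equals `expected`, -1 = rejected
 * (or allocation failed), -2 = built but content differs from `expected`. */
int try_with_alloc(size_t alloc, const char *cwd, const char *name,
                   const char *expected)
{
    char *buf = malloc(alloc);
    if (buf == NULL)
        return -1;
    int rc = make_absolute_name_checked(buf, alloc, cwd, name);
    if (rc == 0 && strcmp(buf, expected) != 0)
        rc = -2;
    free(buf);
    return rc;
}
```

With a 17-byte directory and a 7-byte file name the result needs 26 bytes including the terminator, so a 26-byte destination is accepted and a 25-byte one is rejected rather than overflowed.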