[OpenWrt-Devel] [PATCH] file: fix segfault in uci_parse_option
ynezz at true.cz
Sat Dec 28 14:48:37 EST 2019
Luka Kožnjak <luka.koznjak at sartura.hr> [2019-12-28 20:30:53]:
> Fix a segmentation fault caused by using a pointer to a reallocated address.
> The name pointer in the uci_parse_option function becomes invalid if
> assert_eol calls uci_realloc down the line, resulting in a segmentation
> fault when attempting to dereference name in a strcmp check in
> uci_lookup_list. A simple fix is to call assert_eol before retrieving the
> actual address for the name and type pointers.

Thanks for the fix.

> The segmentation fault has been found while fuzzing the
> uci configuration system for various types of different crashes
> and undefined behaviors, which resulted in multiple different
> import files causing instability and segmentation faults.

Can you share that uci configuration causing this crash as well?
I would like to add it into unit tests which are run on GitLab CI after
every push to the Git repository so we can better protect ourselves against
possible re-introduction of the issue in the future during refactoring etc.

BTW I plan to add some libFuzzer-based fuzzing to UCI soon (as done recently
in libubox for example), so I'm wondering if you could share your fuzzing
setup/sources as well in order to save some time, thanks!
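
The bug class described in the quoted commit message, as an added example that is not part of this thread or of UCI's source: a parser that keeps offsets into a growable buffer and resolves them to pointers only after the last call that may reallocate. `struct pctx`, `pctx_grow`, `check_eol`, `parse_option` and `demo` are hypothetical names, and the input line is constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Toy parse context (hypothetical, not UCI's struct): one growable buffer. */
struct pctx { char *buf; size_t len, cap; };

/* Grow by allocate-copy-free so the buffer is guaranteed to move, which is
 * the worst case realloc() is allowed to produce. Returns 0 on success. */
static int pctx_grow(struct pctx *p, size_t need)
{
    char *n = malloc(p->cap + need);
    if (!n) return -1;
    memcpy(n, p->buf, p->len);
    free(p->buf);
    p->buf = n;
    p->cap += need;
    return 0;
}

/* Stand-in for an end-of-line check that may need more buffer space. */
static int check_eol(struct pctx *p) { return pctx_grow(p, 64); }

/* Safe order: hold offsets while the buffer can still move and turn them
 * into pointers only after the last call that may reallocate. The unsafe
 * order computes p->buf + ofs_name before check_eol(), which leaves a
 * pointer into freed memory for the later strcmp(). */
static int parse_option(struct pctx *p, size_t ofs_name, const char **name,
                        int *moved)
{
    uintptr_t before = (uintptr_t)p->buf;   /* recorded only to show the move */
    if (check_eol(p) != 0) return -1;
    *moved = before != (uintptr_t)p->buf;
    *name = p->buf + ofs_name;              /* resolved after the reallocation */
    return 0;
}

/* Constructed input "option ssid lab", already split into NUL-terminated
 * tokens. Returns 1 if the name resolves to "ssid", 0 if not, -1 on OOM. */
int demo(int *moved)
{
    static const char line[] = "option\0ssid\0lab";
    struct pctx p = { malloc(sizeof line), sizeof line, sizeof line };
    const char *name = NULL;
    if (!p.buf) return -1;
    memcpy(p.buf, line, sizeof line);
    int ok = parse_option(&p, 7, &name, moved) == 0 && strcmp(name, "ssid") == 0;
    free(p.buf);
    return ok;
}
```

Building the unsafe ordering with AddressSanitizer (`-fsanitize=address`) reports the stale read as a heap-use-after-free, which is how a fuzzing harness would typically surface this kind of bug.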