heap-buffer-overflow in kac_print #26
Comments
The NPDM provided has malformed input -- the ACI0 appears to have been shifted one byte to start at 0x4A3 instead of 0x4A4, where it should. I'm not entirely certain that this is reasonably addressable -- the ACI/KAC format specifies the size for the KAC, and by shifting the format you're causing it to decide the KAC is enormous, so it will crash while trying to parse KAC entries in uninitialized memory. I don't know that it's within scope to guard against deliberately malicious input. Thoughts?
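The failure mode described above (a header that is off by one byte makes the parser trust a KAC size that is far larger than the data actually present) is exactly what a bounds check against the real buffer length prevents. The following is an added example, not hactool's code: it uses a simplified, hypothetical ACI0 layout (magic, `kac_offset`, `kac_size`, all assumed for this illustration) and rejects both a shifted header and an oversized KAC before any entry is read. The sample buffers are constructed inline.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Simplified, hypothetical ACI0 layout used only for this example
 * (not hactool's real structure):
 *   +0  magic "ACI0"
 *   +4  kac_offset (uint32 LE, relative to the start of ACI0)
 *   +8  kac_size   (uint32 LE, in bytes; each KAC entry is 4 bytes)
 */
#define KAC_ENTRY_SIZE 4u

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr_le32(uint8_t *p, uint32_t v) {
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

/* Parse the KAC referenced by the ACI0 at aci0_off. Every offset and size is
 * validated against buf_len before it is dereferenced, so a shifted header or
 * an oversized kac_size is rejected instead of walking past the buffer.
 * Returns 0 and the entry count on success, -1 on malformed input. */
int parse_kac(const uint8_t *buf, size_t buf_len, size_t aci0_off, uint32_t *out_count) {
    if (aci0_off > buf_len || buf_len - aci0_off < 12) return -1;   /* header must fit */
    const uint8_t *aci0 = buf + aci0_off;
    if (memcmp(aci0, "ACI0", 4) != 0) return -1;                     /* shifted or garbage header */
    uint32_t kac_off  = rd_le32(aci0 + 4);
    uint32_t kac_size = rd_le32(aci0 + 8);
    size_t avail = buf_len - aci0_off;
    if (kac_off > avail || kac_size > avail - kac_off) return -1;    /* KAC must lie inside the buffer */
    if (kac_size % KAC_ENTRY_SIZE != 0) return -1;                   /* whole entries only */
    const uint8_t *kac = aci0 + kac_off;
    uint32_t n = kac_size / KAC_ENTRY_SIZE;
    for (uint32_t i = 0; i < n; i++) {
        uint32_t desc = rd_le32(kac + i * KAC_ENTRY_SIZE);
        printf("kac[%u] = 0x%08x\n", i, desc);   /* a real tool would decode the descriptor here */
    }
    *out_count = n;
    return 0;
}

/* Constructed 64-byte sample: ACI0 header at aci0_off, KAC at +16 with three entries. */
#define SAMPLE_LEN 64
static void build_sample(uint8_t *buf, size_t aci0_off, uint32_t kac_size) {
    memset(buf, 0, SAMPLE_LEN);
    uint8_t *a = buf + aci0_off;
    memcpy(a, "ACI0", 4);
    wr_le32(a + 4, 16);
    wr_le32(a + 8, kac_size);
    wr_le32(a + 16, 0x11111111);
    wr_le32(a + 20, 0x22222222);
    wr_le32(a + 24, 0x33333333);
}

int demo_well_formed(void) {            /* header where the parser expects it: 3 entries */
    uint8_t buf[SAMPLE_LEN]; uint32_t n = 0;
    build_sample(buf, 8, 12);
    return parse_kac(buf, SAMPLE_LEN, 8, &n) == 0 ? (int)n : -1;
}
int demo_shifted(void) {                /* header written one byte early: magic check fails */
    uint8_t buf[SAMPLE_LEN]; uint32_t n = 0;
    build_sample(buf, 7, 12);
    return parse_kac(buf, SAMPLE_LEN, 8, &n);
}
int demo_oversized(void) {              /* kac_size claims more bytes than the buffer holds */
    uint8_t buf[SAMPLE_LEN]; uint32_t n = 0;
    build_sample(buf, 8, 0xFFFFFFF0u);
    return parse_kac(buf, SAMPLE_LEN, 8, &n);
}

int main(void) {
    printf("well-formed: %d entries\n", demo_well_formed());
    printf("shifted: rc=%d\n", demo_shifted());
    printf("oversized: rc=%d\n", demo_oversized());
    return 0;
}
```

The order of the checks matters: `kac_off > avail` is tested before `avail - kac_off` is computed so the subtraction cannot wrap, and the size is compared with the bytes that remain after the KAC offset, not with the whole file, so a size that is plausible on its own but does not fit at that position is still rejected. Compiling with `-fsanitize=address` on both the compile and link lines, as suggested later in this thread, will catch the cases such a check misses.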
If you do plan to patch out exploits in hactool, then I'll probably fuzz it some more (so far I found 2 heap overflows and a stack overflow in the romfs parser).
I saw your previous message about compiling with ASAN. You need -fsanitize=address in the linker flags, too.
ASAN log: https://hastebin.com/fajijidacu.go
crashing sample: heapoverflownpdm.zip
found through afl-fuzz