The Samba-Bugzilla – Attachment 15652 Details for Bug 14210
smbd NULL pointer de-reference in smb2_signing_decrypt_pdu
ASAN Log
file_14210.txt (text/plain), 3.70 KB, created by Andrew Bartlett on 2019-11-29 17:48:01 UTC
==946495==ABORTING
=================================================================
==947331==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x000001e94739 bp 0x7fffd906c3d0 sp 0x7fffd906c260 T1)
==947331==The signal is caused by a READ memory access.
==947331==Hint: address points to the zero page.
    #0 0x1e94738 in smb2_signing_decrypt_pdu /home/jagger/fuzz/samba/samba/bin/default/../../libcli/smb/smb2_signing.c:617:3
    #1 0xb16fa0 in smbd_smb2_inbuf_parse_compound /home/jagger/fuzz/samba/samba/bin/default/../../source3/smbd/smb2_server.c:435:13
    #2 0xb1517c in smbd_smb2_io_handler /home/jagger/fuzz/samba/samba/bin/default/../../source3/smbd/smb2_server.c:4015:11
    #3 0xb1445f in smbd_smb2_connection_handler /home/jagger/fuzz/samba/samba/bin/default/../../source3/smbd/smb2_server.c:4089:11
    #4 0x100d959 in tevent_common_invoke_fd_handler /home/jagger/fuzz/samba/samba/bin/default/../../lib/tevent/tevent_fd.c:138:2
    #5 0x1029a66 in epoll_event_loop /home/jagger/fuzz/samba/samba/bin/default/../../lib/tevent/tevent_epoll.c:736:11
    #6 0x1024405 in epoll_event_loop_once /home/jagger/fuzz/samba/samba/bin/default/../../lib/tevent/tevent_epoll.c:937:9
    #7 0x101fe5b in std_event_loop_once /home/jagger/fuzz/samba/samba/bin/default/../../lib/tevent/tevent_standard.c:110:8
    #8 0x100a943 in _tevent_loop_once /home/jagger/fuzz/samba/samba/bin/default/../../lib/tevent/tevent.c:772:8
    #9 0x100b286 in tevent_common_loop_wait /home/jagger/fuzz/samba/samba/bin/default/../../lib/tevent/tevent.c:895:9
    #10 0x102000b in std_event_loop_wait /home/jagger/fuzz/samba/samba/bin/default/../../lib/tevent/tevent_standard.c:141:8
    #11 0xad352f in smbd_process /home/jagger/fuzz/samba/samba/bin/default/../../source3/smbd/process.c:4138:8
    #12 0xdc4612 in smbd_accept_connection /home/jagger/fuzz/samba/samba/bin/default/../../source3/smbd/server.c:1010:3
    #13 0x100d959 in tevent_common_invoke_fd_handler /home/jagger/fuzz/samba/samba/bin/default/../../lib/tevent/tevent_fd.c:138:2
    #14 0x1029a66 in epoll_event_loop /home/jagger/fuzz/samba/samba/bin/default/../../lib/tevent/tevent_epoll.c:736:11
    #15 0x1024405 in epoll_event_loop_once /home/jagger/fuzz/samba/samba/bin/default/../../lib/tevent/tevent_epoll.c:937:9
    #16 0x101fe5b in std_event_loop_once /home/jagger/fuzz/samba/samba/bin/default/../../lib/tevent/tevent_standard.c:110:8
    #17 0x100a943 in _tevent_loop_once /home/jagger/fuzz/samba/samba/bin/default/../../lib/tevent/tevent.c:772:8
    #18 0x100b286 in tevent_common_loop_wait /home/jagger/fuzz/samba/samba/bin/default/../../lib/tevent/tevent.c:895:9
    #19 0x102000b in std_event_loop_wait /home/jagger/fuzz/samba/samba/bin/default/../../lib/tevent/tevent_standard.c:141:8
    #20 0xdbfbac in smbd_parent_loop /home/jagger/fuzz/samba/samba/bin/default/../../source3/smbd/server.c:1355:8
    #21 0xdbcea1 in HonggfuzzNetDriver_main /home/jagger/fuzz/samba/samba/bin/default/../../source3/smbd/server.c:2204:2
    #22 0x25dabe6 in netDriver_mainProgram (/home/jagger/fuzz/samba/samba/bin/default/source3/smbd/smbd+0x25dabe6)
    #23 0x7ffff59a4668 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x9668)
    #24 0x7ffff5763322 in clone /build/glibc-4WA41p/glibc-2.30/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/jagger/fuzz/samba/samba/bin/default/../../libcli/smb/smb2_signing.c:617:3 in smb2_signing_decrypt_pdu
Thread T1 created by T0 here:
    #0 0x5e126a in pthread_create (/home/jagger/fuzz/samba/samba/bin/default/source3/smbd/smbd+0x5e126a)
    #1 0x25db5f0 in LLVMFuzzerInitialize (/home/jagger/fuzz/samba/samba/bin/default/source3/smbd/smbd+0x25db5f0)