sergiotarxz/nuttx-apps
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

netlib_parseurl.c: Fix string overruns

Browse Source 
For EINVAL, it doesn't make sense to keep parsing.
(For E2BIG, it might make some sense.)

Found by LLVM ASan.

```
=================================================================
==81622==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000000f2 at pc 0x00010d2746ca bp 0x7ffee29a9980 sp 0x7ffee29a9978
READ of size 1 at 0x6020000000f2 thread T0
    #0 0x10d2746c9 in netlib_parseurl netlib_parseurl.c:121
    #1 0x10d26b293 in parseurl webclient.c:479
    #2 0x10d265e48 in webclient_perform webclient.c:690
    #3 0x10d277c5b in main main.c:210
    #4 0x7fff7a06f3d4 in start+0x0 (libdyld.dylib:x86_64+0x163d4)

0x6020000000f2 is located 0 bytes to the right of 2-byte region [0x6020000000f0,0x6020000000f2)
allocated by thread T0 here:
    #0 0x10d3996d3 in wrap_strdup+0x203 (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x3e6d3)
    #1 0x10d276abe in main main.c:147
    #2 0x7fff7a06f3d4 in start+0x0 (libdyld.dylib:x86_64+0x163d4)

SUMMARY: AddressSanitizer: heap-buffer-overflow netlib_parseurl.c:121 in netlib_parseurl
Shadow bytes around the buggy address:
  0x1c03ffffffc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c03ffffffd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c03ffffffe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c03fffffff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c0400000000: fa fa fd fd fa fa fd fd fa fa 00 00 fa fa 00 00
=>0x1c0400000010: fa fa 00 fa fa fa 00 00 fa fa 00 06 fa fa[02]fa
  0x1c0400000020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c0400000030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c0400000040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c0400000050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c0400000060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==81622==ABORTING
```
This commit is contained in:
YAMAMOTO Takashi 2021-05-07 15:20:34 +09:00 committed by Xiang Xiao
parent 73a93e2370
commit 998abe1deb
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
netutils/netlib/netlib_parseurl.c
View File

@ -113,21 +113,21 @@ int netlib_parseurl(FAR const char *str, FAR struct url_s *url)
if (*src != ':') if (*src != ':')
{ {
ret = -EINVAL; return -EINVAL;
} }
src++; src++;
if (*src != '/') if (*src != '/')
{ {
ret = -EINVAL; return -EINVAL;
} }
src++; src++;
if (*src != '/') if (*src != '/')
{ {
ret = -EINVAL; return -EINVAL;
} }
src++; src++;