Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fixes a use-of-uninitialized-value in light_pcapng.c #1669

Open
wants to merge 4 commits into
base: dev
Choose a base branch
from

Conversation

Shivam7-1
Copy link

This PR fixes a use-of-uninitialized-value vulnerability in light_pcapng.c. The changes ensure all allocated memory is properly initialized before use, mitigating potential crashes and undefined behavior.

Issue: https://issues.oss-fuzz.com/issues/42536106
Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=6639796737867776

@Shivam7-1 Shivam7-1 requested a review from seladb as a code owner December 23, 2024 14:56
@Shivam7-1
Copy link
Author

Hii @seladb Could You please Review this PR
Thanks

@Dimi1010 Dimi1010 changed the base branch from master to dev December 24, 2024 06:23
@Dimi1010 Dimi1010 closed this Dec 24, 2024
@Dimi1010 Dimi1010 reopened this Dec 24, 2024
Copy link

codecov bot commented Dec 24, 2024

Codecov Report

Attention: Patch coverage is 70.96774% with 27 lines in your changes missing coverage. Please review.

Project coverage is 83.15%. Comparing base (f81ced2) to head (9f355b1).
Report is 3 commits behind head on dev.

Files with missing lines Patch % Lines
...rdParty/LightPcapNg/LightPcapNg/src/light_pcapng.c 70.96% 23 Missing and 4 partials ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##              dev    #1669      +/-   ##
==========================================
- Coverage   83.16%   83.15%   -0.02%     
==========================================
  Files         277      277              
  Lines       48193    48204      +11     
  Branches     9966     9945      -21     
==========================================
+ Hits        40081    40083       +2     
+ Misses       7234     7227       -7     
- Partials      878      894      +16     
Flag Coverage Δ
alpine320 75.14% <70.37%> (-0.02%) ⬇️
fedora40 75.18% <70.37%> (-0.02%) ⬇️
macos-13 80.65% <69.66%> (-0.01%) ⬇️
macos-14 80.65% <69.66%> (-0.01%) ⬇️
macos-15 80.62% <69.66%> (-0.01%) ⬇️
mingw32 70.87% <ø> (-0.05%) ⬇️
mingw64 70.86% <ø> (-0.03%) ⬇️
npcap 85.23% <ø> (-0.09%) ⬇️
rhel94 75.01% <70.37%> (-0.02%) ⬇️
ubuntu2004 58.61% <70.37%> (-0.01%) ⬇️
ubuntu2004-zstd 58.72% <70.37%> (-0.03%) ⬇️
ubuntu2204 74.94% <70.37%> (-0.04%) ⬇️
ubuntu2204-icpx 61.44% <ø> (ø)
ubuntu2404 75.21% <70.37%> (+0.01%) ⬆️
unittest 83.15% <70.96%> (-0.02%) ⬇️
windows-2019 85.33% <ø> (-0.01%) ⬇️
windows-2022 85.36% <ø> (-0.01%) ⬇️
winpcap 85.33% <ø> (ø)
xdp 50.52% <0.00%> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

}
break;
void parse_by_block_type(struct _light_pcapng *current, const uint32_t *local_data, const uint32_t *block_start) {
switch (current->block_type) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's better to follow the original format.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for reviewing Could you clarify if the concern is solely about formatting or if there are issues with the fix itself? If it’s just formatting, I’ll align it with the original style while keeping the vulnerability fix intact.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only about the formatting. We try to minimize the change in 3rdParty because we may merge the latest changes from upstream in the future. However, vulnerability fixes are welcome. Please also leave a comment like // PCPP patch in your patch so we can easily identify the changes in the future.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes Done you can Review and Ready to Merge

{ // PCPP patch
DPRINT_HERE(LIGHT_SECTION_HEADER_BLOCK);
struct _light_section_header *shb = calloc(1, sizeof(struct _light_section_header));
struct _light_option *opt = calloc(1, sizeof(struct _light_option));
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doesn't that esentially leak the memory as opt is overwritten on L109?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes you are correct for this here can be used free (opt) Memory Before Reassignment
I had created Commit below

{ // PCPP patch
DPRINT_HERE(LIGHT_INTERFACE_BLOCK);
struct _light_interface_description_block *idb = calloc(1, sizeof(struct _light_interface_description_block));
struct _light_option *opt = calloc(1, sizeof(struct _light_option));
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ditto: memory leak


case LIGHT_ENHANCED_PACKET_BLOCK:
{
DPRINT_HERE(LIGHT_ENHANCED_PACKET_BLOCK);
struct _light_enhanced_packet_block *epb = NULL;
struct _light_option *opt = NULL;
struct _light_option *opt = calloc(1, sizeof(struct _light_option));
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ditto: memory leak

@@ -182,7 +181,7 @@ void parse_by_block_type(struct _light_pcapng *current, const uint32_t *local_da
{
DPRINT_HERE(LIGHT_CUSTOM_DATA_BLOCK);
struct _light_custom_nonstandard_block *cnb = NULL;
struct _light_option *opt = NULL;
struct _light_option *opt = calloc(1, sizeof(struct _light_option));
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ditto: memory leak

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes done some Improvement to memory free(opt) now there wouldn't be any leakage i think

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants