oss-sec mailing list archives

Re: strings / libbfd crasher


From: Hanno Böck <hanno () hboeck de>
Date: Fri, 24 Oct 2014 22:18:50 +0200

I've checked the upstream patch they pointed me to:
https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd25671c6f202c4a5108883caa2adb24ff6f361f

Unfortunately this mixes in another change that is a revert, so it
doesn't apply cleanly to the current release (2.24), if anyone needs it
I've re-diffed it:
https://files.hboeck.de/binutils-2.24-fix-crash.diff

This fixes the original stringme and strinmetoo from mancha, but not
the latest sample from Michal:

On Fri, 24 Oct 2014 12:10:31 -0700, Michal Zalewski <lcamtuf () coredump cx> wrote:

> I do have a bunch more that seem exploitable, though - for example:
> 
> http://lcamtuf.coredump.cx/strings-bfd-badfree - does this repro for
> people (I tried with binutils 2.24)?

I checked with the upstream patch and this seems still vulnerable.

> I don't understand the user benefit of extracting strings only from
> certain sections of executables, and I almost feel like it's a side
> effect of strings being a part of binutils more than anything else.

I fully agree. I wasn't aware strings does any kind of executable
parsing and I was very surprised that there is any attack vector
against it at all.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42
