oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

elfutils: memory allocation failure in xcalloc (xmalloc.c)

From: "Agostino Sarubbo" <ago () gentoo org>
Date: Mon, 10 Apr 2017 07:43:59 +0000
Description:
elfutils is a set of libraries/utilities to handle ELF objects (drop in replacement for libelf).

A fuzz on eu-elflint showed a memory allocation failure.

The interesting ASan output:

# eu-elflint -d $FILE
==5053==AddressSanitizer CHECK failed: 
/tmp/portage/sys-devel/gcc-6.3.0/work/gcc-6.3.0/libsanitizer/sanitizer_common/sanitizer_common.cc:180 "((0 && "unable 
to mmap")) != (0)" (0x0, 0x0)
    #0 0x7faa2335941d  (/usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/libasan.so.3+0xcb41d)
    #1 0x7faa2335f063 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long 
long) (/usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/libasan.so.3+0xd1063)
    #2 0x7faa2335f24d  (/usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/libasan.so.3+0xd124d)
    #3 0x7faa23368c52  (/usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/libasan.so.3+0xdac52)
    #4 0x7faa232ba0b9  (/usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/libasan.so.3+0x2c0b9)
    #5 0x7faa232b249b  (/usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/libasan.so.3+0x2449b)
    #6 0x7faa2335040a in calloc (/usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/libasan.so.3+0xc240a)
    #7 0x431b8d in xcalloc /tmp/portage/dev-libs/elfutils-0.168/work/elfutils-0.168/lib/xmalloc.c:64
    #8 0x41f0bb in check_sections /tmp/portage/dev-libs/elfutils-0.168/work/elfutils-0.168/src/elflint.c:3680
    #9 0x42961f in process_elf_file /tmp/portage/dev-libs/elfutils-0.168/work/elfutils-0.168/src/elflint.c:4697
    #10 0x42961f in process_file /tmp/portage/dev-libs/elfutils-0.168/work/elfutils-0.168/src/elflint.c:242
    #11 0x402d33 in main /tmp/portage/dev-libs/elfutils-0.168/work/elfutils-0.168/src/elflint.c:175
    #12 0x7faa21c6378f in __libc_start_main (/lib64/libc.so.6+0x2078f)
    #13 0x403498 in _start (/usr/bin/eu-elflint+0x403498)
Affected version:
0.168

Fixed version:
0.169 (not released atm)

Commit fix:
https://sourceware.org/ml/elfutils-devel/2017-q1/msg00133.html

Credit:
This bug was discovered by Agostino Sarubbo of Gentoo.

CVE:
CVE-2017-7613

Reproducer:
https://github.com/asarubbo/poc/blob/master/00236-elfutils-memallocfailure

Timeline:
2017-03-27: bug discovered and reported to upstream
2017-04-04: blog post about the issue
2017-04-09: CVE assigned

Note:
This bug was found with American Fuzzy Lop.

Permalink:
https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/


--
Agostino Sarubbo
Gentoo Linux Developer
Previous By Date Next
Previous By Thread Next

Current thread: