oss-sec mailing list archives
SEGV in libIEC61850 protocol
From: Dhiraj Mishra <mishra.dhiraj95 () gmail com>
Date: Fri, 11 Jan 2019 23:44:28 +0530
Hi List, ## Summary: An issue has been found in libIEC61850 v1.3.1. Ethernet_setProtocolFilter in hal/ethernet/linux/ethernet_linux.c has a SEGV, as demonstrated by sv_subscriber_example.c and sv_subscriber.c. ## Snip code from sv_subscriber.c#L186 Thread_start(thread); } else { if (DEBUG_SV_SUBSCRIBER) printf("SV_SUBSCRIBER: Starting SV receiver failed for interface %s\n", self->interfaceId); } } ## Memory leak: Using interface eth0 Error creating raw socket! ASAN:DEADLYSIGNAL ==1403==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000000a (pc 0x55b5675c1284 bp 0x7f92623fee30 sp 0x7f92623fee20 T1) ==1403==The signal is caused by a WRITE memory access. ==1403==Hint: address points to the zero page. #0 0x55b5675c1283 in Ethernet_setProtocolFilter /home/input0/Desktop/libiec61850/hal/ethernet/linux/ethernet_linux.c:209 #1 0x55b5675ba75f in SVReceiver_startThreadless /home/input0/Desktop/libiec61850/src/sampled_values/sv_subscriber.c:232 #2 0x55b5675ba3b7 in svReceiverLoop /home/input0/Desktop/libiec61850/src/sampled_values/sv_subscriber.c:163 #3 0x55b5675c1720 in destroyAutomaticThread /home/input0/Desktop/libiec61850/hal/thread/linux/thread_linux.c:90 #4 0x7f9265c976da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da) #5 0x7f92659c088e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x12188e) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /home/input0/Desktop/libiec61850/hal/ethernet/linux/ethernet_linux.c:209 in Ethernet_setProtocolFilter Thread T1 created by T0 here: #0 0x7f9265ee6d2f in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d2f) #1 0x55b5675c17ab in Thread_start /home/input0/Desktop/libiec61850/hal/thread/linux/thread_linux.c:101 #2 0x55b5675ba49a in SVReceiver_start /home/input0/Desktop/libiec61850/src/sampled_values/sv_subscriber.c:186 #3 0x55b5675b9eec in main /home/input0/Desktop/libiec61850/examples/sv_subscriber/sv_subscriber_example.c:76 #4 0x7f92658c0b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96) ==1403==ABORTING Later CVE-2019-6136 was assigned to this. Thank you @mishradhiraj_
Current thread:
- SEGV in libIEC61850 protocol Dhiraj Mishra (Jan 11)