
Fix use-after-free's in IPIP probe module #815

Merged
zakird merged 1 commit into zmap:main from droe:droe/fix-ipip-uaf
Mar 8, 2024

droe commented Mar 8, 2024

Fix two UaFs where memory in `args` was accessed through `c` pointer after freeing `args`, silencing the respective compiler warnings on Linux/GCC. The UaFs are on error paths as part of parsing the command line, and as such unreachable from malicious response packets.

While here:

  • Remove dead code after log_fatal()
  • Avoid interpreting percent chars in ipip_usage_error
  • Replace a manual if/exit combo with an assertion
  • Remove extra newlines in log strings

Fix two UaF's where memory in `args` was accessed through `c` pointer
after freeing `args`, silencing the respective compiler warnings on
Linux/GCC.  The UaFs are on error paths as part of parsing the command
line, and as such unreachable from malicious response packets.

While here, remove dead code after `log_fatal()`, avoid interpreting
percent chars in `ipip_usage_error`, replace a manual if/exit combo with
an assertion, and remove extra newlines in log strings.

zakird merged commit 118538b into zmap:main Mar 8, 2024
droe deleted the droe/fix-ipip-uaf branch March 11, 2024 08:01
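
The bug class described in this pull request, as an added example that is not code from the PR or from the ZMap source: an option parser whose token pointer `c` points into a heap copy `args`, with the error message built before `args` is freed and user text passed only as a `%s` argument. The names `parse_probe_args` and `usage_error`, the `src=`/`dst=` options and the input strings are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical reporter: msg is data, so it is passed as a "%s" argument
 * and never as the format string; '%' in user input stays literal. */
static void usage_error(char *err, size_t errlen, const char *msg)
{
	snprintf(err, errlen, "%s", msg);
}

/* Parse a constructed "key=value,key=value" option string.
 * Returns 0 on success, -1 with a message in err on a bad option. */
int parse_probe_args(const char *probe_args, char *err, size_t errlen)
{
	size_t n = strlen(probe_args) + 1;
	char *args = malloc(n); /* private copy, because strtok() writes to it */
	int rc = 0;

	if (args == NULL) {
		usage_error(err, errlen, "out of memory");
		return -1;
	}
	memcpy(args, probe_args, n);
	for (char *c = strtok(args, ","); c != NULL; c = strtok(NULL, ",")) {
		if (strncmp(c, "src=", 4) == 0 || strncmp(c, "dst=", 4) == 0)
			continue; /* hypothetical known options */
		/* c points into args: format the message while args is alive.
		 * Calling free(args) before this line is the use-after-free. */
		char msg[128];
		snprintf(msg, sizeof(msg), "unknown option: %.100s", c);
		usage_error(err, errlen, msg);
		rc = -1;
		break;
	}
	free(args); /* single release point, after the last read through c */
	return rc;
}

int main(void)
{
	char err[160] = "";
	/* Constructed input: the second option is invalid and contains '%'. */
	if (parse_probe_args("src=192.0.2.1,bad%n%s", err, sizeof(err)) != 0)
		fprintf(stderr, "%s\n", err);
	return 0;
}
```

Building with `-fsanitize=address` and exercising the error paths is a quick way to confirm that no read through `c` happens after the `free`.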