Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix multiple vulns #2975

Closed
wants to merge 20 commits into from
Closed

Fix multiple vulns #2975

wants to merge 20 commits into from

Conversation

wargio
Copy link
Member

@wargio wargio commented Aug 22, 2022
edited
Loading

DO NOT SQUASH OR MERGE

Your checklist for this pull request

  • I've read the guidelines for contributing to this repository
  • I made sure to follow the project's coding style
  • I've documented or updated the documentation of every function and struct this PR changes. If not so I've explained why.
  • I've added tests that prove my fix is effective or that my feature works (if possible)
  • I've updated the rizin book with the relevant information (if needed)

Detailed description

Fix #2974
Fix #2973
Fix #2972
Fix #2971
Fix #2970
Fix #2969
Fix #2968
Fix #2967
Fix #2966
Fix #2965
Fix #2964
Fix #2963
Fix #2962
Fix #2961
Fix #2960
Fix #2959
Fix #2958
Fix #2957
Fix #2956
Fix #2955
Fix #2954
Fix #2953
Fix #2952

@wargio wargio force-pushed the fix-multiple-vulns branch 2 times, most recently from b4480f1 to b9a9d4e Compare August 22, 2022 23:47
@wargio
Copy link
Member Author

wargio commented Aug 22, 2022

@m4drat please check if all the bugs have been patched in this branch

@XVilka
Copy link
Member

XVilka commented Aug 23, 2022

Please resend from fuzz- branch

XVilka
XVilka requested changes Aug 23, 2022
View reviewed changes
Copy link
Member

@XVilka XVilka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It breaks parsing PE signatures:

[XX] db/formats/pe/signature_cert PE: corkami signature.exe - iI
RZ_NOPLUGINS=1 /usr/bin/rizin -escr.utf8=0 -escr.color=0 -escr.interactive=0 -N -Qc 'iI~signed; q!' bins/pe/signature.exe
-- stdout
--- expected
+++ actual
@@ -1,1 +1,1 @@
-signed   true
+signed   false

-- stderr
WARNING: rz_pkcs7_parse_spcinfo: assertion 'cms' failed (line 675)

[**]                        db/formats/pe/imports_noint    15700 OK      1033 BR        2 XX       30 FX


[XX] db/formats/pe/signature_cert PE: corkami signature.exe - iCj
RZ_NOPLUGINS=1 /usr/bin/rizin -escr.utf8=0 -escr.color=0 -escr.interactive=0 -N -Qc 'iCj; q!' bins/pe/signature.exe
-- stdout
--- expected
+++ actual
@@ -1,1 +1,1 @@
-{"signature":{"Version":1,"DigestAlgorithms":["sha1"],"Certificates":[{"TBSCertificate":{"Version":1,"SerialNumber":"01","SignatureAlgorithm":"sha1WithRSAEncryption","Issuer":{"countryName":"AU","stateOrProvinceName":"Some-State","organizationName":"Internet Widgits Pty Ltd"},"Validity":{"NotBefore":"07/02/2011 09:10:26 GMT","NotAfter":"06/02/2013 09:10:26 GMT"},"Subject":{"countryName":"AU","stateOrProvinceName":"Some-State","organizationName":"Internet Widgits Pty Ltd","organizationalUnitName":"code signing"},"SubjectPublicKeyInfo":{"Algorithm":"rsaEncryption","Module":"01:00:01","Exponent":"00:ce:9e:d8:9d:cd:48:46:75:e0:e1:e7:29:00:90:f5:3f:60:6c:e2:6e:30:35:61:5b:71:19:99:15:17:08:8e:a5:90:77:dc:a8:d2:b9:9a:2b:5c:43:4e:f8:84:43:e8:cb:0a:6f:dd:24:a9:dc:bb:0a:9c:73:7d:ff:68:18:8a:22:be:e5:24:cd:0a:72:08:a3:1d:57:0f:68:7f:e2:67:ec:71:17:bb:e6:66:11:f3:8d:f3:62:55:95:7b:ff:57:86:50:cf:70:6a:3b:5e:7d:14:4a:67:66:0f:ac:77:8d:64:22:7d:5b:88:c5:21:ee:20:d5:8b:1d:61:b9:18:7d:00:4a:e0:a0:67:9b:ee:78:42:4c:4a:ad:09:e1:ca:54:4f:46:4d:b5:55:29:20:be:d0:3b:56:20:a9:30:d5:c9:3a:54:f2:b9:fb:86:4e:d9:1f:56:d5:5d:7f:86:b6:a7:bf:70:9f:16:d2:5f:2b:fa:a0:d9:b0:82:1c:b4:40:84:04:cc:c1:3e:c0:27:75:c4:d5:1a:32:15:53:06:7c:46:df:b5:4a:ae:0b:aa:02:00:f7:dd:d6:7b:21:ee:a2:a3:1a:ad:fd:fc:34:39:a8:46:1c:76:09:b7:85:97:4d:3c:f1:12:69:4e:8d:99:9a:05:6a:79:e3:ed:73:47:1d:62:b3:7b:83:7a:82:d2:1f:b9:36:a8:e5:41:2b:5c:2b:a0:ab:2c:4f:ab:2e:ff:87:74:2d:d0:24:b8:6b:9e:73:87:e6:f2:6d:29:84:3e:5b:a3:b2:47:c2:14:5d:1c:31:33:65:6a:77:f5:96:19:cd:f7:c5:41:9e:0b:fb:38:93:58:34:2a:9f:17:9f:01:75:73:bf:b3:64:bf:b6:b6:4c:ac:fc:10:28:e8:a6:ab:bf:76:29:aa:e9:89:1f:20:de:b9:b5:f5:9a:8f:45:8e:33:12:ee:b6:02:51:a4:6a:86:b1:1f:55:62:4c:2d:7f:54:42:9e:f8:ea:96:81:53:40:92:94:eb:64:a4:a2:f6:9e:fc:29:80:f1:eb:00:c6:8c:e1:48:30:9d:12:cf:04:ef:58:94:43:ce:99:c6:0a:70:70:3c:9b:2f:58:a0:a4:a8:a4:18:ab:ff:81:2c:c9:3f:00:93:c1:6a:8a:9d:1d:ce:db:78:5b:d2:be:52:f3:35:b2:55:79:39:11:2d:18:a9:83:6d:f6:32:79:45:1c:f2:98:6d:70:69:86:e8:1c:fa:a4:60:9f:4e:fd:10:7c:42:04:cd:bb:58:d5:4a:53:d1:95:86:3b:ab:0b:9d:bc:4a:18:8d:0b:79:76:59:4a:05:e8:b8:87:2d:d5:3c:8b:a3:01:af"},"Extensions":[]},"Algorithm":"sha1WithRSAEncryption","Signature":"82:2c:26:eb:5a:3e:98:6c:a1:23:74:be:76:ef:fb:14:97:ba:e3:74:56:db:84:8c:8d:1c:1c:f7:a7:1d:ce:69:2e:5b:cd:72:f0:e4:ad:14:86:c1:80:6d:32:da:57:e5:55:97:9b:74:5c:90:4d:ad:2f:31:d3:28:fb:98:01:68:48:08:04:a9:83:c2:25:2f:30:88:2b:ca:96:33:34:84:7a:a5:34:59:26:2a:9a:dd:cf:db:e8:5d:86:ed:f7:a4:2e:22:55:e3:a3:fc:97:0d:1e:f1:46:22:2b:df:ff:c6:12:b8:07:55:58:92:e5:79:60:78:83:42:a8:1d:1a:ad:4f:a2:bb:9c:b5:1b:0c:42:10:83:a3:eb:b6:2b:5e:78:6f:b4:aa:60:01:00:8a:10:71:d6:6d:c9:31:39:51:92:a2:e1:3c:93:87:9f:bc:26:87:5e:ad:c8:59:f9:91:7f:54:50:62:48:5d:b6:4b:4a:5c:6f:b9:24:db:21:77:07:cd:da:5f:27:2c:93:70:f0:fe:5f:f5:5c:0b:1a:62:22:c4:f1:d8:ca:a5:0c:4a:d7:ad:98:97:bc:f2:63:85:29:52:bf:37:d6:52:f0:11:1e:1d:30:f0:4d:0a:f1:ca:e0:c2:35:f4:be:91:be:21:c4:7e:e4:dc:23:b7:71:2d:29:79:ce:9a:b8:32:22:3c:fd:95:af:51:c9:71:2b:e3:e4:fe:ae:fc:b8:ef:13:70:90:22:8d:93:93:06:19:21:24:5f:39:07:35:d5:35:0a:92:58:56:1a:bc:2c:ed:d0:c9:c7:c0:12:04:6e:c2:48:1e:01:a2:7f:88:bf:b0:5c:7f:c0:49:cf:1d:ff:e6:23:0e:ae:65:01:3c:aa:11:44:80:be:b0:2c:69:8d:d3:8f:e6:35:6c:4b:42:70:8b:cb:52:9e:dc:ee:46:ae:16:ca:7d:32:1c:0a:21:33:b5:06:08:4a:4c:d7:f8:f8:6c:a8:ff:02:02:19:cc:dc:bf:2d:0b:ac:5a:a4:2d:ff:84:2d:db:0a:7c:f0:c8:0e:db:74:ca:d6:64:ba:88:36:86:4b:1e:9e:eb:7a:db:f9:7e:60:54:87:ad:19:4c:a3:73:e3:fe:99:1c:db:de:b1:d5:5f:3e:e7:d2:af:db:22:1a:37:d5:04:4e:38:bf:f1:f7:f9:55:8a:c7:5d:e0:71:64:18:48:76:3f:ae:62:c4:2b:e5:08:d4:44:cf:a2:2b:e2:bd:d8:b2:3c:5f:3a:6a:e7:f4:9a:ea:35:e9:74:87:36:d9:5a:72:9f:82:d0:45:5d:5e:b0:3c:31:48:2d:4a:4c:39:82:5a:55:02:3e:4f:4d:32:6f"}],"CRL":[],"SignerInfos":[{"Version":2,"Issuer":{"countryName":"AU","stateOrProvinceName":"Some-State","organizationName":"Internet Widgits Pty Ltd"},"SerialNumber":"01","DigestAlgorithm":"sha1","AuthenticatedAttributes":[{"oid":"spcSpOpusInfo","length":2},{"oid":"contentType","length":12},{"oid":"messageDigest","length":22}],"DigestEncryptionAlgorithm":"rsaEncryption","EncryptedDigest":"67:66:57:73:9b:b5:97:71:8f:7d:7a:6d:75:be:7d:7b:65:af:cd:92:b1:20:d7:fa:0a:f9:ac:32:30:c9:c1:59:a2:18:64:ea:ff:0e:eb:b0:25:68:41:db:29:63:ac:d4:3f:75:92:65:05:61:20:98:43:fa:cd:00:f3:e7:45:89:50:cb:ff:dc:c2:62:7b:a8:97:c0:2f:fb:7c:4c:1d:f5:d7:7a:33:90:0f:02:df:fb:84:e0:b6:3f:2a:2d:63:0e:34:04:0f:8c:3c:77:b6:f3:76:7c:e1:8b:eb:ca:99:68:6e:2d:57:1d:a1:b5:fd:be:03:e7:2e:b3:fa:29:c6:b6:70:c4:38:1d:73:95:e0:a6:00:88:39:a6:49:2e:aa:05:66:e6:7d:16:c9:e9:bc:41:cb:a7:3f:6f:0d:8a:ec:4b:e5:0f:d2:b6:99:8c:d1:78:56:d8:69:d8:61:d8:30:e9:86:c0:8f:57:d7:b3:e8:07:69:45:10:b9:3e:70:ad:f9:d6:18:37:f6:51:9a:2d:78:fe:c3:fa:cc:26:e1:50:9b:61:86:38:92:fd:e5:f8:66:f0:16:3a:9a:8c:96:6e:fb:64:89:0c:ae:29:6b:ac:e1:f0:9c:cc:7a:c9:f5:e0:da:2c:da:1e:94:fd:ac:8e:11:00:3f:fa:83:77:91:e2:16:bf:a8:29:61:88:15:c7:1e:1b:03:1d:d1:cb:28:ea:f7:77:78:b4:3a:b7:3c:e3:84:2d:5a:41:e2:ab:c4:b3:9d:37:ab:41:b9:a0:83:80:e8:34:64:71:46:49:61:b3:05:82:c9:5f:f7:3f:44:44:2b:e0:d2:12:1d:ac:6b:d0:61:74:52:fb:65:3e:1d:65:ca:79:d3:3a:30:b9:be:e4:a6:da:2b:b7:87:36:4a:b6:79:f9:0d:70:35:20:0f:9e:51:72:e6:c5:36:6a:e5:23:fd:c0:27:26:bd:3b:10:b1:aa:1b:71:19:c5:aa:4e:82:01:39:b7:a6:4d:3a:10:39:0a:d6:d2:ea:3b:76:36:4e:e9:e5:80:87:6c:66:30:6e:ff:8d:6b:0a:6d:79:e1:e2:5d:b0:f9:10:b5:7e:05:e8:a2:25:63:42:51:a3:de:c9:e4:0a:17:ac:51:d5:d6:49:d2:cc:bc:55:2d:c3:c8:f1:ae:6e:0e:d8:be:73:b5:9b:87:f2:e5:58:1d:9c:6d:fa:f2:a4:cc:e6:b5:7c:d7:70:6e:19:92:00:47:1d:47:be:7d:e8:3a:20:0d:46:33:f6:79:85:2f:cf:1f:b7:28:2a:1b:c2:59:07:4a:72:b4:35:2d:a3:41:4d:64:4f:54:96:c7:64:0b:b8:d8:a9:b1:d3:5a","UnauthenticatedAttributes":[]}]}}
+{"signature":{}}

-- stderr
WARNING: rz_pkcs7_parse_spcinfo: assertion 'cms' failed (line 675)

@XVilka XVilka added this to the 0.4.1 milestone Aug 23, 2022
@m4drat
Copy link

m4drat commented Aug 23, 2022

@m4drat please check if all the bugs have been patched in this branch

Everything is fine except #2970. I've re-executed rizin on the whole crash corpus and found few more crashing samples: #2970 (comment)

@wargio
Copy link
Member Author

wargio commented Aug 23, 2022
edited
Loading

#2970

fixed them; please check again

@wargio
Copy link
Member Author

wargio commented Aug 23, 2022

Please resend from fuzz- branch

i will do once green

@wargio
Copy link
Member Author

wargio commented Aug 23, 2022
edited
Loading

superseded by #2977

@wargio wargio closed this Aug 23, 2022
@wargio wargio deleted the fix-multiple-vulns branch August 23, 2022 10:18
@wargio wargio removed this from the 0.4.1 milestone Aug 23, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@XVilka XVilka XVilka requested changes

@ret2libc ret2libc Awaiting requested review from ret2libc ret2libc is a code owner

@thestr4ng3r thestr4ng3r Awaiting requested review from thestr4ng3r thestr4ng3r is a code owner

@kazarmy kazarmy Awaiting requested review from kazarmy kazarmy is a code owner

Assignees
No one assigned
Labels
API DEX DWARF Mach-O PE RzAnalysis RzBin RzCore RzMagic RzUtil
Projects
None yet
Milestone
No milestone
3 participants
@wargio @XVilka @m4drat