Created
December 3, 2016 14:10
AddressSanitizer
$ sudo !!
sudo ./laf
[sudo] password for osaka:
[>] Allowing traffic to 443
from *
[>] Allowing traffic to 80
from *
[>] Allowing traffic to *
from 127.0.1.1
[>] Allowing traffic to *
from 127.0.0.1
[>] Allowing traffic to *
from 192.168.0.1
[#] Opening library handle.
[#] Unbinding existing nf_queue handler for AF_INET (if any).
[#] Binding nfnetlink_queue as nf_queue handler for AF_INET.
[#] Binding this socket to queue '0'.
[#] Setting copy_packet mode.
=================================================================
==8015==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffe563a9a70 at pc 0x7fec6f6cffbc bp 0x7ffe563a9210 sp 0x7ffe563a8998
WRITE of size 513 at 0x7ffe563a9a70 thread T0
    #0 0x7fec6f6cffbb (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x4bfbb)
    #1 0x7fec6f6d0eb0 in __interceptor___isoc99_vsscanf (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x4ceb0)
    #2 0x7fec6f6d0fc2 in __isoc99_sscanf (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x4cfc2)
    #3 0x55a5fb52663e in net_to_pid_name /home/osaka/code/LAF/src/procs.c:81
    #4 0x55a5fb5247cf in process_pkt /home/osaka/code/LAF/src/main.c:252
    #5 0x55a5fb5259ec in cb /home/osaka/code/LAF/src/main.c:375
    #6 0x7fec6f47eeba (/usr/lib/x86_64-linux-gnu/libnetfilter_queue.so.1+0x1eba)
    #7 0x7fec6d650356 in nfnl_handle_packet (/usr/lib/x86_64-linux-gnu/libnfnetlink.so.0+0x3356)
    #8 0x55a5fb52611e in main /home/osaka/code/LAF/src/main.c:483
    #9 0x7fec6e3be3f0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x203f0)
    #10 0x55a5fb523339 in _start (/home/osaka/code/LAF/src/laf+0x7339)

Address 0x7ffe563a9a70 is located in stack of thread T0 at offset 1632 in frame
    #0 0x55a5fb52633f in net_to_pid_name /home/osaka/code/LAF/src/procs.c:50

  This frame has 16 object(s):
    [32, 36) 'd'
    [96, 100) 'uid'
    [160, 164) 'timeout'
    [224, 228) 'local_port'
    [288, 292) 'rem_port'
    [352, 356) 'timer_run'
    [416, 420) 'state'
    [480, 488) 'inode'
    [544, 552) 'rxq'
    [608, 616) 'txq'
    [672, 680) 'time_len'
    [736, 744) 'retr'
    [800, 928) 'rem_addr'
    [960, 1088) 'local_addr'
    [1120, 1632) 'more'
    [1664, 2688) 'line' <== Memory access at offset 1632 partially underflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x4bfbb)
Shadow bytes around the buggy address:
  0x10004ac6d2f0: 00 00 00 00 00 00 f2 f2 f2 f2 00 00 00 00 00 00
  0x10004ac6d300: 00 00 00 00 00 00 00 00 00 00 f2 f2 f2 f2 00 00
  0x10004ac6d310: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10004ac6d320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10004ac6d330: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10004ac6d340: 00 00 00 00 00 00 00 00 00 00 00 00 00 00[f2]f2
  0x10004ac6d350: f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10004ac6d360: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10004ac6d370: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10004ac6d380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10004ac6d390: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==8015==ABORTING