FTP
Denial-of-service bug
How to reproduce
Use the prepared patch file reproduce.patch for better illustration.
patch -p1 < reproduce.patch
Compile
make
Start the server
./bin/server/server_ftp.out
Start the client to establish the connection and exit immediately
timeout 1s ./bin/client/client_ftp.out
Then, the server will crash with an AddressSanitizer report:
=================================================================
==1199805==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 512 byte(s) in 1 object(s) allocated from:
#0 0x55ec05154f7e in __interceptor_malloc (/root/projects/FTP/bin/server/server_ftp.out+0xa6f7e) (BuildId: 66b4d91f9c39c73e3399c16f9d667ddf369a1250)
#1 0x55ec05192071 in serve_client /root/projects/FTP/server_ftp.c:53:41
#2 0x55ec05191e28 in main /root/projects/FTP/server_ftp.c:40:2
#3 0x7f6b1e895d09 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x23d09) (BuildId: b503275bf9fee51581fdceef97533b194035b4f7)
Direct leak of 8 byte(s) in 1 object(s) allocated from:
#0 0x55ec05154f7e in __interceptor_malloc (/root/projects/FTP/bin/server/server_ftp.out+0xa6f7e) (BuildId: 66b4d91f9c39c73e3399c16f9d667ddf369a1250)
#1 0x55ec0518f917 in client_info_alloc /root/projects/FTP/server_ftp_functions.c:7:49
#2 0x55ec05191e15 in main /root/projects/FTP/server_ftp.c:39:27
#3 0x7f6b1e895d09 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x23d09) (BuildId: b503275bf9fee51581fdceef97533b194035b4f7)
SUMMARY: AddressSanitizer: 520 byte(s) leaked in 2 allocation(s).
Bug analysis
The server uses the function serve_client to handle each connection from the client:
https://github.com/rovinbhandari/FTP/blob/96c1a3543b159427d41b89dd8d64792c83572774/server_ftp.c#L32-L41
In the function serve_client, the memory allocated via malloc is never freed, causing a memory leak.
https://github.com/rovinbhandari/FTP/blob/96c1a3543b159427d41b89dd8d64792c83572774/server_ftp.c#L53
This bug can cause denial-of-service.
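The leak pattern described in this report, as an added example that is not code from the FTP project or from the original post: a per-connection handler that allocates a 512-byte buffer (the size in the leak report) and never frees it, next to a version that releases it on every path. The handler names, the tracking allocator and the socketpair harness that imitates a client disconnecting immediately are all hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

#define CMD_BUF 512            /* per-connection size seen in the leak report */
static void *live[1024];       /* buffers allocated and not yet freed */
static int nlive;

static void *tracked_malloc(size_t n) {
    void *p = nlive < (int)(sizeof live / sizeof *live) ? malloc(n) : NULL;
    if (p) live[nlive++] = p;
    return p;
}
static void tracked_free(void *p) {
    for (int i = 0; i < nlive; i++)
        if (live[i] == p) { live[i] = live[--nlive]; free(p); return; }
}

/* Hypothetical handler with the reported pattern: the buffer is never freed. */
static int serve_client_leaky(int fd) {
    char *cmd = tracked_malloc(CMD_BUF);
    return (cmd && recv(fd, cmd, CMD_BUF, 0) > 0) ? 0 : -1;
}

/* Same handler, releasing the buffer on every path before returning. */
static int serve_client_fixed(int fd) {
    char *cmd = tracked_malloc(CMD_BUF);
    int rc = (cmd && recv(fd, cmd, CMD_BUF, 0) > 0) ? 0 : -1;
    tracked_free(cmd);         /* no-op if the allocation failed */
    return rc;
}

static long leaked_after(int (*handler)(int), int n) {
    for (int i = 0; i < n; i++) {
        int sv[2];
        if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
        close(sv[1]);          /* client exits right after connecting */
        handler(sv[0]);
        close(sv[0]);
    }
    long held = (long)nlive * CMD_BUF;       /* bytes still held after n clients */
    while (nlive > 0) free(live[--nlive]);   /* harness cleanup only */
    return held;
}

int main(void) {
    printf("leaky: %ld bytes\n", leaked_after(serve_client_leaky, 1000));
    printf("fixed: %ld bytes\n", leaked_after(serve_client_fixed, 1000));
}
```

The leaky handler's retained memory grows linearly with the number of connections, which is why a long-running server with this pattern can be driven out of memory by repeated connects.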
This bug is in the NVD https://nvd.nist.gov/vuln/detail/CVE-2023-22551 and causes the dependency check in my devops build pipeline to terminate the build :(
Great package otherwise :)