Fixed heap OOB read in ld_preload_fuzz.so:select() #26

Open
wants to merge 1 commit into main
Conversation

@hazimeh hazimeh commented Jun 13, 2023

Some applications (e.g. OpenSSH) may not allocate a full fd_set, but rather just enough to fit nfds bits.

This behavior is observed in the OpenSSH version included with ProFuzzBench:
https://github.com/vegard/openssh-portable/blob/58b8cfa2a062b72139d7229ae8de567f55776f24/sshd.c#L1125

It is thus only safe to copy as many fd_mask chunks from the input as guaranteed by the given nfds argument.

Some applications (e.g. OpenSSH) may not allocate a full fd_set,
but rather just enough to fit nfds bits.
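What the nfds-bounded copy looks like in practice, as an added example written for this page rather than code from the fuzzing harness or the PR itself. It assumes the harness copies in fd_mask-sized words (modelled here as unsigned long, matching glibc's long int fd_mask) and that the caller allocated howmany(nfds, NFDBITS) words, as the cited OpenSSH sshd.c does:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/select.h>

/* Word type the harness copies in. Assumption: matches the platform fd_mask
 * (long int on glibc); the bits-per-word value is derived from it. */
typedef unsigned long fd_word;
#define FD_WORD_BITS (8 * sizeof(fd_word))

/* Number of fd_word chunks the caller is guaranteed to have allocated for
 * nfds bits: the same rounding OpenSSH uses via howmany(nfds, NFDBITS). */
size_t fdset_words_for(int nfds) {
    if (nfds <= 0) return 0;
    return ((size_t)nfds + FD_WORD_BITS - 1) / FD_WORD_BITS;
}

/* Fill the caller's (possibly undersized) fd_set from fuzzer input, writing
 * only the words nfds guarantees exist, never more than a full fd_set, and
 * never more than the input holds. Returns the number of bytes written.
 * Copying sizeof(fd_set) unconditionally here is the out-of-bounds access
 * the PR describes. */
size_t bounded_fdset_copy(void *dst, int nfds, const unsigned char *input, size_t input_len) {
    size_t words = fdset_words_for(nfds);
    size_t max_words = sizeof(fd_set) / sizeof(fd_word);    /* a full fd_set */
    if (words > max_words) words = max_words;
    if (words > input_len / sizeof(fd_word)) words = input_len / sizeof(fd_word);
    memcpy(dst, input, words * sizeof(fd_word));
    return words * sizeof(fd_word);
}

/* Simulate the OpenSSH-style caller: allocate just enough for nfds bits and
 * check the copy stayed inside that allocation. Returns 1 on success. */
int demo(int nfds) {
    size_t alloc = fdset_words_for(nfds) * sizeof(fd_word);
    unsigned char *readset = calloc(1, alloc);             /* undersized on purpose */
    unsigned char input[sizeof(fd_set)];                   /* constructed fuzzer input */
    if (readset == NULL) return 0;
    memset(input, 0xAB, sizeof input);
    size_t n = bounded_fdset_copy(readset, nfds, input, sizeof input);
    int ok = (n == alloc) && (memcmp(readset, input, n) == 0);
    free(readset);
    return ok;
}

int main(void) {
    printf("nfds=10: %s\n", demo(10) ? "ok" : "FAIL");
    return 0;
}
```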