Invalid read and uninitialized data issue detected in Remoted #3989

@vikman90

| Wazuh version | Component | Install type | Install method | Platform |
|---|---|---|---|---|
| 3.10.0 | Remoted | Manager | Any | Linux |

Invalid integer read

==9220== Invalid read of size 4
==9220==    at 0x11ADCB: rem_getCounter (netcounter.c:45)
==9220==    by 0x11BFC0: rem_handler_main (secure.c:240)
==9220==    by 0x4E39FA2: start_thread (pthread_create.c:486)
==9220==    by 0x4F4E4CE: clone (clone.S:95)
==9220==  Address 0x57c0560 is 464 bytes inside a block of size 1,760 free'd
==9220==    at 0x48369AB: free (vg_replace_malloc.c:530)
==9220==    by 0x4F29725: free_dfa_content (regcomp.c:614)
==9220==    by 0x4F29725: free_dfa_content (regcomp.c:594)
==9220==    by 0x4F33480: regfree (regcomp.c:650)
==9220==    by 0x1BF717: OS_PRegex (regex_op.c:34)
==9220==    by 0x14839D: OS_IsValidIP (validate_op.c:318)
==9220==    by 0x1318EC: OS_AddKey (keys.c:82)
==9220==    by 0x132523: OS_ReadKeys (keys.c:292)
==9220==    by 0x11B9FE: HandleSecure (secure.c:129)
==9220==    by 0x11B520: HandleRemote (remoted.c:117)
==9220==    by 0x11DEFD: main (main.c:209)
==9220==  Block was alloc'd at
==9220==    at 0x483577F: malloc (vg_replace_malloc.c:299)
==9220==    by 0x4F31E0E: init_dfa (regcomp.c:871)
==9220==    by 0x4F31E0E: re_compile_internal (regcomp.c:771)
==9220==    by 0x4F3337B: regcomp (regcomp.c:497)
==9220==    by 0x1BF6B1: OS_PRegex (regex_op.c:27)
==9220==    by 0x14839D: OS_IsValidIP (validate_op.c:318)
==9220==    by 0x1318EC: OS_AddKey (keys.c:82)
==9220==    by 0x132523: OS_ReadKeys (keys.c:292)
==9220==    by 0x11B9FE: HandleSecure (secure.c:129)
==9220==    by 0x11B520: HandleRemote (remoted.c:117)
==9220==    by 0x11DEFD: main (main.c:209)

Uninitialized data read

==9220== Conditional jump or move depends on uninitialised value(s)
==9220==    at 0x11BFD1: rem_handler_main (secure.c:241)
==9220==    by 0x4E39FA2: start_thread (pthread_create.c:486)
==9220==    by 0x4F4E4CE: clone (clone.S:95)
==9220==  Uninitialised value was created by a heap allocation
==9220==    at 0x4837D7B: realloc (vg_replace_malloc.c:826)
==9220==    by 0x11AC5F: rem_setCounter (netcounter.c:34)
==9220==    by 0x11C8C7: _close_sock (secure.c:443)
==9220==    by 0x11BEA3: HandleSecure (secure.c:210)
==9220==    by 0x11B520: HandleRemote (remoted.c:117)
==9220==    by 0x11DEFD: main (main.c:209)

Cause

  1. The former issue was due to a missing array size check in the message counter library. In most cases, Remoted would try to read before writing.
  2. The latter means that the array is not being correctly initialized during an expansion.
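
The two causes above, shown on a growable counter array with both guards in place. This is an added example, not Wazuh's `netcounter.c`: the `ctr_*` names and the choice of indexing the array by socket descriptor are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical counter table, indexed by socket descriptor (assumption). */
typedef struct {
    unsigned int *slots; /* one counter per descriptor */
    size_t size;         /* number of valid, initialized slots */
} ctr_table;

/* Store a counter, growing the array when fd is past the end. 0 on success. */
int ctr_set(ctr_table *t, int fd, unsigned int value) {
    if (fd < 0) return -1;
    size_t idx = (size_t)fd;
    if (idx >= t->size) {
        size_t new_size = idx + 1;
        if (new_size > SIZE_MAX / sizeof *t->slots) return -1;
        unsigned int *p = realloc(t->slots, new_size * sizeof *p);
        if (p == NULL) return -1; /* old block is still valid and owned by t */
        /* realloc leaves the new tail indeterminate: zero it, so slots that
           were skipped over read as 0 instead of heap garbage. */
        memset(p + t->size, 0, (new_size - t->size) * sizeof *p);
        t->slots = p;
        t->size = new_size;
    }
    t->slots[idx] = value;
    return 0;
}

/* Read a counter; an index past the array (read before write) yields 0. */
unsigned int ctr_get(const ctr_table *t, int fd) {
    if (fd < 0 || (size_t)fd >= t->size) return 0;
    return t->slots[fd];
}

void ctr_free(ctr_table *t) {
    free(t->slots);
    t->slots = NULL;
    t->size = 0;
}

int main(void) {
    ctr_table t = {NULL, 0};
    printf("%u\n", ctr_get(&t, 5)); /* read before any write */
    ctr_set(&t, 7, 42);             /* grows from 0 to 8 slots */
    printf("%u %u\n", ctr_get(&t, 3), ctr_get(&t, 7));
    ctr_free(&t);
}
```

The example is single-threaded; a table written by one thread and read by another, as the traces above suggest, also needs a lock around both functions.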
