From: Kristis M. <kri...@as...> - 2005-02-27 19:21:09
Hello,

It appears that there is a buffer overflow problem in libdisasm. This was discovered using mpatrol and a random .bin file (attached). mpatrol reports (at the end of this email) that a memory allocation was given a pointer to a buffer that is corrupted before any data were written to it. This was produced using bastard_src-0.17.

Is there a fix? Is this project active or should I stop bothering?

Thanks,
Kristis

    $ dd if=/dev/random of=test.bin bs=1 count=100
    100+0 records in
    100+0 records out
    100 bytes transferred in 0.000747 seconds (133890 bytes/sec)
    $ mpatrol -g -i -C --dynamic --leak-table --alloc-byte=0x66 --oflow-byte=0x79 --oflow-size=64 ./testdis test.bin
    File name: test.bin
    0 1C 14 ;invariant bytes (signature)
    0 1C 14 sbb %(null), $0x14
    2 31 A4 57 5B D7 18 E7 ;invariant bytes (signature)
    2 31 A4 57 5B D7 18 E7 xor -18E728A5(%edi, %edx,02), %(null)
    9 2B 72 5A ;invariant bytes (signature)
    9 2B 72 5A sub %(null), 5A(%edx)
    C 94 ;invariant bytes (signature)
    C 94 xchg %(null), %(null)
    D 3F ;invariant bytes (signature)
    D 3F aas
    E 66 EA F4 F4 F4 F4 ;invariant bytes (signature)
    E 66 EA 9D 7D DF A5 jmp *0xA5DF7D9D
    14 28 71 1E ;invariant bytes (signature)
    14 28 71 1E sub 1E(%ecx), %(null)
    17 DB 87 95 83 6B F5 ;invariant bytes (signature)
    17 DB 87 95 83 6B F5 fild -0A947C6B(%edi)
    1D 63 E8 ;invariant bytes (signature)
    1D 63 E8 arpl %(null), %(null)
    1F D9 ;invariant bytes (signature)
    1F invalid opcode D9
    20 D9 93 58 0E 24 B7 ;invariant bytes (signature)
    20 D9 93 58 0E 24 B7 fst -48DBF1A8(%ebx)
    26 44 ;invariant bytes (signature)
    26 44 inc %(null)
    27 DF ;invariant bytes (signature)
    27 invalid opcode DF
    28 08 71 FF ;invariant bytes (signature)
    28 08 71 FF or -01(%ecx), %(null)
    2B 89 4B 90 ;invariant bytes (signature)
    2B 89 4B 90 mov -70(%ebx), %(null)
    2E 7A 18 ;invariant bytes (signature)
    2E 7A 18 jpe +0x18
    30 15 F4 F4 F4 F4 ;invariant bytes (signature)
    30 15 4C 14 9A 96 adc %(null), $-0x969A144C
    35 A7 ;invariant bytes (signature)
    35 A7 cmpsd %(null), %(null)
    36 7C E4 ;invariant bytes (signature)
    36 7C E4 jl +0xE4
    38 71 88 ;invariant bytes (signature)
    38 71 88 jno +0x88
    3A FB ;invariant bytes (signature)
    3A FB sti
    3B 6B B0 83 A0 7D 20 90 ;invariant bytes (signature)
    3B 6B B0 83 A0 7D 20 90 imul %(null), 207DA083(%eax), $-0xFFFFFF90
    42 50 ;invariant bytes (signature)
    42 50 push %(null)
    43 E9 F4 F4 F4 F4 ;invariant bytes (signature)
    43 E9 D6 77 A4 9B jmp +0x9BA477D6
    48 F9 ;invariant bytes (signature)
    48 F9 stc
    49 5B ;invariant bytes (signature)
    49 5B pop %(null)
    4A AA ;invariant bytes (signature)
    4A AA stosb %(null), %(null)
    4B 32 FF ;invariant bytes (signature)
    4B 32 FF xor %(null), %(null)
    4D C9 ;invariant bytes (signature)
    4D C9 leave
    4E 51 ;invariant bytes (signature)
    4E 51 push %(null)
    4F 49 ;invariant bytes (signature)
    4F 49 dec %(null)
    50 10 7A 0E ;invariant bytes (signature)
    50 10 7A 0E adc 0E(%edx), %(null)
    53 66 3F ;invariant bytes (signature)
    53 66 3F aas
    55 2C 64 ;invariant bytes (signature)
    55 2C 64 sub %(null), $0x64
    57 E4 36 ;invariant bytes (signature)
    57 E4 36 in %(null), $0x36
    59 04 68 ;invariant bytes (signature)
    59 04 68 add %(null), $0x68
    5B 25 F4 F4 F4 F4 ;invariant bytes (signature)
    5B 25 05 4B B1 A2 and %(null), $-0xA2B14B05
    60 A9 F4 F4 F4 F4 ;invariant bytes (signature)
    60 A9 48 A4 5F 00 test %(null), $0x5FA448
    (2148)12:11:46[mkgnu@syd:~/incoming/bastard_src-0.17/src/arch/i386/libdisasm]$ more mpatrol.21399.log
    @(#) mpatrol 1.4.8 (02/01/08)
    Copyright (C) 1997-2002 Graeme S. Roy

    This is free software, and you are welcome to redistribute it under
    certain conditions; see the GNU Library General Public License for
    details.

    For the latest mpatrol release and documentation, visit
    http://www.cbmamiga.demon.co.uk/mpatrol.

    operating system:       UNIX
    system variant:         Linux
    processor architecture: Intel 80x86
    processor word size:    32-bit
    object file format:     ELF32
    dynamic linker type:    SVR4

    Log file generated on Sun Feb 27 12:11:46 2005

    read 77 symbols from ./testdis

    LOG: check () [-|-|-]
        0x400457FE ???
        0x4000C4F6 ???
        0x40095A52 ???
        0x4007FDCE ???
        0x08048661 _start+33

    system page size:  4096 bytes
    default alignment: 4 bytes
    overflow size:     64 bytes
    overflow byte:     0x79
    allocation byte:   0x66
    free byte:         0x55
    allocation stop:   0
    reallocation stop: 0
    free stop:         0
    unfreed abort:     0
    small boundary:    32 bytes
    medium boundary:   256 bytes
    large boundary:    2048 bytes
    lower check range: 0
    upper check range: 0
    check frequency:   1
    failure frequency: 0
    failure seed:      1109531506
    prologue function: <unset>
    epilogue function: <unset>
    handler function:  <unset>
    log file:          mpatrol.21399.log
    profiling file:    mpatrol.21399.out
    tracing file:      mpatrol.21399.trace
    program filename:  ./testdis
    symbols read:      77
    autosave count:    0
    freed queue size:  0
    allocation count:  29
    allocation peak:   18 (6371 bytes)
    allocation limit:  0 bytes
    allocated blocks:  15 (755 bytes)
    marked blocks:     0 (0 bytes)
    freed blocks:      0 (0 bytes)
    free blocks:       9 (9613 bytes)
    internal blocks:   8 (131072 bytes)
    total heap usage:  143360 bytes
    total compared:    0 bytes
    total located:     0 bytes
    total copied:      1547 bytes
    total set:         6860 bytes
    total warnings:    0
    total errors:      0

    ERROR: [ALLOVF]: allocation 0x08061080 has a corrupted overflow buffer at 0x080610A4
        0x0806109C  79797979 79797979 00000000 79797979  yyyyyyyy....yyyy
        0x080610AC  79797979 79797979 79797979 79797979  yyyyyyyyyyyyyyyy
        0x080610BC  79797979 79797979 79797979 79797979  yyyyyyyyyyyyyyyy
        0x080610CC  79797979 79797979 79797979 79797979  yyyyyyyyyyyyyyyy
        0x08061080 (28 bytes) {calloc:15:0} [-|-|-]
            0x08049C1C x86_old_disasm_addr+496
            0x080488A0 main+400
            0x4007FDC6 ???
            0x08048661 _start+33
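The [ALLOVF] error in the report above comes from mpatrol's fence check: every allocation is padded with --oflow-size bytes of --oflow-byte, and the check walks those bytes after the fact and reports the first one that changed. As an added example (not libdisasm or mpatrol code), here is a minimal C allocator that does the same thing. The 28-byte zeroed block and the 4-byte zero store landing 8 bytes past its end are constructed to match the offsets in the log (0x080610A4 - 0x08061080 = 36, with zeros at bytes 8..11 of the upper fence); they are not taken from the libdisasm source, which the page does not show.

```c
/* Guarded allocator in the style of mpatrol's overflow buffers (added
 * example, not libdisasm or mpatrol code). Each block is surrounded by
 * OFLOW_SIZE bytes of OFLOW_BYTE; guarded_check() reports the first
 * fence byte that no longer holds that value. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define OFLOW_SIZE 64      /* same as --oflow-size=64 in the report */
#define OFLOW_BYTE 0x79    /* same as --oflow-byte=0x79 */
#define ALLOC_BYTE 0x66    /* same as --alloc-byte=0x66 */

struct guard_hdr {
    size_t size;           /* user-visible block length */
    size_t pad;            /* keeps the user pointer 16-byte aligned */
};

/* Layout: [guard_hdr][lower fence][user block][upper fence]. */
void *guarded_alloc(size_t size, int zero_fill)
{
    size_t total = sizeof(struct guard_hdr) + OFLOW_SIZE + size + OFLOW_SIZE;
    unsigned char *raw = malloc(total);
    if (raw == NULL)
        return NULL;
    struct guard_hdr *hdr = (struct guard_hdr *)raw;
    hdr->size = size;
    hdr->pad = 0;
    unsigned char *lower = raw + sizeof(*hdr);
    unsigned char *user = lower + OFLOW_SIZE;
    memset(lower, OFLOW_BYTE, OFLOW_SIZE);
    memset(user, zero_fill ? 0 : ALLOC_BYTE, size);  /* calloc vs malloc */
    memset(user + size, OFLOW_BYTE, OFLOW_SIZE);
    return user;
}

/* Returns -1 if both fences are intact, otherwise the byte offset
 * (relative to the user block start) of the first corrupted fence byte:
 * negative for an underflow, >= size for an overflow. */
long guarded_check(const void *p)
{
    const unsigned char *user = p;
    const unsigned char *lower = user - OFLOW_SIZE;
    const struct guard_hdr *hdr =
        (const struct guard_hdr *)(lower - sizeof(*hdr));
    for (size_t i = 0; i < OFLOW_SIZE; i++)
        if (lower[i] != OFLOW_BYTE)
            return (long)i - OFLOW_SIZE;
    const unsigned char *upper = user + hdr->size;
    for (size_t i = 0; i < OFLOW_SIZE; i++)
        if (upper[i] != OFLOW_BYTE)
            return (long)(hdr->size + i);
    return -1;
}

void guarded_free(void *p)
{
    unsigned char *user = p;
    free(user - OFLOW_SIZE - sizeof(struct guard_hdr));
}

/* Constructed reproduction of the pattern in the log: a 28-byte zeroed
 * block, then a 4-byte zero store 8 bytes past its end. The write stays
 * inside our own fence memory, so the demo itself is well defined.
 * Returns the offset the check reports. */
long demo_overflow(void)
{
    unsigned char *blk = guarded_alloc(28, 1);
    if (blk == NULL)
        return -2;
    long before = guarded_check(blk);        /* -1: fences intact */
    uint32_t zero = 0;
    memcpy(blk + 36, &zero, sizeof zero);    /* out-of-bounds write */
    long after = guarded_check(blk);         /* 36 */
    guarded_free(blk);
    return before == -1 ? after : -3;
}

/* Control case: writes stay inside the block, so nothing is reported. */
long demo_clean(void)
{
    unsigned char *blk = guarded_alloc(28, 1);
    if (blk == NULL)
        return -2;
    memset(blk, 0x41, 28);
    long r = guarded_check(blk);             /* -1 */
    guarded_free(blk);
    return r;
}

int main(void)
{
    printf("overflow demo: first bad fence byte at offset %ld\n",
           demo_overflow());
    printf("clean demo: %ld (-1 means fences intact)\n", demo_clean());
    return 0;
}
```

Build with `cc -Wall -o guard guard.c` and run it. A fence check like this only fires when it is called after the corrupting write, which is why the report above runs it at every heap call (check frequency: 1); it finds the symptom, not the cause. The trace printed under the allocation line (x86_old_disasm_addr+496 called from main+400) is where the 28-byte block was obtained, which narrows the search to code that writes into that buffer, but locating the actual store still needs a watchpoint on the fence address or a tool such as a hardware-assisted or compiler-instrumented bounds checker.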
From: Robert S. <de...@gm...> - 2002-09-03 14:59:07
Hi,

When trying to compile the 0.16 source version of bastard, the process fails, complaining about missing files readline.h and history.h. What can I do about that?

Thanks
Archer
From: Michael M. <ma...@lo...> - 2001-04-27 10:14:32
This one seems to be alright, perhaps even a beta. String and function recognition work, xrefs go great, and the assembly output has been cleaned up. Plus the makefile had a bit of a facelift, so it should actually do what it's supposed to now.

_m
__________________________________________________________
get your kickass web-based email : https://mail.lokmail.net