Description:
WiRouterKeyRec is a recovery tool for WPA passphrases.
A crafted AGPF config file triggers an invalid left shift of a signed integer in agpf_check_agpf.
The complete UBSan output:
# WiRouterKeyRec --config crash.agpf -s Alice-48230959
WiRouter KeyRec 1.1.2 - (C) 2011 Salvatore Fresta
http://www.salvatorefresta.net
src/agpf.c:466:45: runtime error: left shift of 142 by 24 places cannot be represented in type 'int'
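The report does not show the code at src/agpf.c:466, so the following is an added example and not WiRouterKeyRec's own code. It assumes the common case where bytes parsed from the config are shifted into a 32-bit value, and shows why 142 << 24 is rejected and how widening to an unsigned type before the shift avoids it; all function names and the sample bytes are constructed for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Unsafe pattern (hypothetical, not the project's code): each byte is promoted
 * to signed int before the shift, so a top byte >= 128 shifted by 24 exceeds
 * INT_MAX and the behaviour is undefined. */
static int load_be32_unsafe(const unsigned char *p)
{
    return (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
}

/* Hardened form: widen to an unsigned 32-bit type before shifting. */
static uint32_t load_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Returns 1 when (value << places) is representable in int, which is the
 * condition UBSan checks; returns 0 otherwise. */
static int shl_int_ok(int value, unsigned places)
{
    if (value < 0 || places >= sizeof(int) * CHAR_BIT)
        return 0;
    return value <= (INT_MAX >> places);
}

int main(void)
{
    /* Constructed input: 142 (0x8e) is the operand from the UBSan report. */
    const unsigned char sample[4] = { 142, 0x01, 0x02, 0x03 };

    printf("142 << 24 fits in int: %d\n", shl_int_ok(142, 24));
    printf("127 << 24 fits in int: %d\n", shl_int_ok(127, 24));
    printf("hardened load: 0x%08lx\n", (unsigned long)load_be32(sample));
    (void)load_be32_unsafe; /* kept for comparison, deliberately not called */
    return 0;
}
```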
Affected version:
1.1.2
Fixed version:
N/A
Commit fix:
N/A
Credit:
This bug was discovered by Agostino Sarubbo of Gentoo.
Timeline:
2016-08-08: bug discovered
2016-08-08: bug reported to upstream
2016-08-08: blog post about the issue
Note:
This bug was found with American Fuzzy Lop.