Description:
libpcre is a perl-compatible regular expression library.
A fuzz on libpcre1 through the pcretest utility revealed a null pointer dereference in the utility itself. Given the nature of the crash, it is not security relevant, because the library is not affected; however, if you have a web application that calls the pcretest utility directly to parse untrusted data, then you are affected.
Also, it is important to share the details because some distros/packagers may want to take the patch into their repository.
The complete ASan output:
# pcretest -16 -d $FILE
==26399==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000052db1c bp 0x7ffc7de68070 sp 0x7ffc7de67ba0 T0)
==26399==The signal is caused by a READ memory access.
==26399==Hint: address points to the zero page.
    #0 0x52db1b in main /tmp/portage/dev-libs/libpcre-8.40/work/pcre-8.40/pcretest.c:5083:25
    #1 0x7f70603bc78f in __libc_start_main /tmp/portage/sys-libs/glibc-2.23-r3/work/glibc-2.23/csu/../csu/libc-start.c:289
    #2 0x41b438 in _init (/usr/bin/pcretest+0x41b438)
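The triage reasoning in this advisory (a READ of a zero-page address in pcretest.c's main, so a plain null dereference in the utility rather than in the library) can be automated when sorting large fuzzing crash sets. The following is an added example, not code from the advisory or from the PCRE project: it parses the ASan report shown above (embedded here as a constructed sample, re-wrapped one record per line) and returns the crash kind, the faulting address, the access type and the top stack frame. The regular expressions are assumptions matching the line shapes visible in this report, not a general ASan grammar.

```python
import re

# Constructed sample: the ASan report from the advisory above, one record per line.
SAMPLE_REPORT = """==26399==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000052db1c bp 0x7ffc7de68070 sp 0x7ffc7de67ba0 T0)
==26399==The signal is caused by a READ memory access.
==26399==Hint: address points to the zero page.
    #0 0x52db1b in main /tmp/portage/dev-libs/libpcre-8.40/work/pcre-8.40/pcretest.c:5083:25
    #1 0x7f70603bc78f in __libc_start_main /tmp/portage/sys-libs/glibc-2.23-r3/work/glibc-2.23/csu/../csu/libc-start.c:289
    #2 0x41b438 in _init (/usr/bin/pcretest+0x41b438)
"""

# Assumed line shapes, taken from the report above (not a complete ASan grammar).
ERROR_RE = re.compile(
    r"==\d+==ERROR: AddressSanitizer: (?P<kind>[\w-]+) on (?:unknown )?address 0x(?P<addr>[0-9a-f]+)"
)
ACCESS_RE = re.compile(r"The signal is caused by a (?P<access>READ|WRITE) memory access")
FRAME_RE = re.compile(r"^\s*#(?P<n>\d+) 0x[0-9a-f]+ in (?P<func>\S+) (?P<loc>.+)$")
LOC_RE = re.compile(r"^(?P<file>.+?):(?P<line>\d+)(?::(?P<col>\d+))?$")


def parse_asan_report(text):
    """Extract crash kind, faulting address, access type and stack frames from an ASan report."""
    report = {"kind": None, "address": None, "access": None, "frames": []}
    for line in text.splitlines():
        m = ERROR_RE.search(line)
        if m:
            report["kind"] = m.group("kind")
            report["address"] = int(m.group("addr"), 16)
            continue
        m = ACCESS_RE.search(line)
        if m:
            report["access"] = m.group("access")
            continue
        m = FRAME_RE.match(line)
        if m:
            report["frames"].append(
                {"n": int(m.group("n")), "func": m.group("func"), "loc": m.group("loc").strip()}
            )
    return report


def classify(report, zero_page_size=4096):
    """Coarse triage verdict: a SEGV on an address inside the zero page is a null pointer
    dereference; a READ there cannot corrupt memory, which is why the advisory rates it
    as a crash rather than a library security issue."""
    if report["kind"] != "SEGV":
        return "other"
    addr = report["address"]
    if addr is not None and addr < zero_page_size:
        return "null-deref-read" if report["access"] == "READ" else "null-deref-write"
    return "segv-nonnull"


def crash_site(report):
    """Return (function, file, line) of frame #0, or (function, raw location, None)
    when the frame carries no source location (e.g. a stripped binary offset)."""
    if not report["frames"]:
        return None
    top = report["frames"][0]
    m = LOC_RE.match(top["loc"])
    if not m:
        return (top["func"], top["loc"], None)
    return (top["func"], m.group("file"), int(m.group("line")))


if __name__ == "__main__":
    parsed = parse_asan_report(SAMPLE_REPORT)
    print(classify(parsed), crash_site(parsed))
```

Checking whether the top frame's file is part of the library proper or of a bundled test utility (here pcretest.c) is what separates "the library is not affected" from "the library is affected", so in a real triage pipeline the file path returned by `crash_site` is the field to route on.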
Affected version:
8.40
Fixed version:
8.41 (not released atm)
Commit fix:
https://vcs.pcre.org/pcre/code/trunk/pcretest.c?r1=1685&r2=1686&sortby=date
Credit:
This bug was discovered by Agostino Sarubbo of Gentoo.
CVE:
N/A
Reproducer:
https://github.com/asarubbo/poc/blob/master/00195-pcre-nullptr-main
Timeline:
2017-02-22: bug discovered and reported to upstream
2017-02-23: upstream released a patch
2017-03-14: blog post about the issue
Note:
This bug was found with American Fuzzy Lop.