From 874245e8df93e5ec53ab2dbba75092697f7cb466 Mon Sep 17 00:00:00 2001
From: Nikita Kryukov <25217914+Cravtos@users.noreply.github.com>
Date: Wed, 15 May 2024 17:25:26 +0700
Subject: [PATCH 1/4] Check socket address size

---
 auparse/sockaddr.go | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/auparse/sockaddr.go b/auparse/sockaddr.go
index 874cbcf..059d7dd 100644
--- a/auparse/sockaddr.go
+++ b/auparse/sockaddr.go
@@ -18,10 +18,20 @@
 package auparse

 import (
+ "errors"
 "strconv"
 )

+var (
+ // errInvalidSockAddrSize means socket address size is invalid.
+ errInvalidSockAddrSize = errors.New("invalid socket address size")
+)
+
 func parseSockaddr(s string) (map[string]string, error) {
+ if len(s) < 4 {
+ return nil, errInvalidSockAddrSize
+ }
+
 addressFamily, err := hexToDec(s[2:4] + s[0:2]) // host-order
 if err != nil {
 return nil, err
@@ -38,6 +48,10 @@ func parseSockaddr(s string) (map[string]string, error) {
 out["family"] = "unix"
 out["path"] = socket
 case 2: // AF_INET
+ if len(s) < 16 {
+ return nil, errInvalidSockAddrSize
+ }
+
 port, err := hexToDec(s[4:8])
 if err != nil {
 return nil, err
@@ -52,6 +66,10 @@ func parseSockaddr(s string) (map[string]string, error) {
 out["addr"] = ip
 out["port"] = strconv.Itoa(int(port))
 case 10: // AF_INET6
+ if len(s) < 48 {
+ return nil, errInvalidSockAddrSize
+ }
+
 port, err := hexToDec(s[4:8])
 if err != nil {
 return nil, err

From b5915b875ccbc2e8191277f94446f42dad621cc7 Mon Sep 17 00:00:00 2001
From: Nikita Kryukov <25217914+Cravtos@users.noreply.github.com>
Date: Wed, 15 May 2024 20:05:42 +0700
Subject: [PATCH 2/4] Add fuzz test for `parseSockaddr`

---
 CHANGELOG.md | 2 ++
 auparse/sockaddr_test.go | 17 +++++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8e2a1b4..b8b88c8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
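Review bot: The three bounds added to parseSockaddr (`len(s) < 4`, `len(s) < 16` under `case 2`, `len(s) < 48` under `case 10`) are bare numbers counted in hex characters, so a later change to a slice offset can drift away from its guard and bring the out-of-range slice panic back. A comment tying each bound to the record layout would make that visible, for example `// 16 hex chars = 8 bytes: family(2) + port(2) + IPv4 address(4)` and `// 48 hex chars = 24 bytes: family(2) + port(2) + flowinfo(4) + IPv6 address(16)`. Only the `s[4:8]` port slice is visible in these hunks, so the 16 and 48 values should be checked against the highest offset each branch actually reads further down. The function body continues outside all three hunks and the remaining `case` branches of the switch are not shown, so whether they also slice at fixed offsets cannot be confirmed from here.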
@@ -9,6 +9,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).

 ### Changed

+- Fix panic in `parseSockaddr` for malformed socket address. [#152](https://github.com/elastic/go-libaudit/pull/152)
+
 ### Removed

 ### Deprecated
diff --git a/auparse/sockaddr_test.go b/auparse/sockaddr_test.go
index 9f2c1c0..000e0f2 100644
--- a/auparse/sockaddr_test.go
+++ b/auparse/sockaddr_test.go
@@ -56,3 +56,20 @@ func TestParseSockaddr(t *testing.T) {
 assert.Equal(t, tc.data, data)
 }
 }
+
+func FuzzParseSockaddr(f *testing.F) {
+ corpus := []string{
+ "02000050080808080000000000000000",
+ "0A000050000000002607F8B0400C0C06000000000000006700000000",
+ "01007075626C69632F7069636B75700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "0A00084300000000000000000000000000000000000000000000000000000000281E7423FD7F0000C05034088F7F000007000000000000001E2D440000000000000000000000000060D758078F7F00000300000000000000C00F020000000000000000000000000005202302000000000200000000000000FFFFFFFFFFFFFFFF",
+ }
+
+ for _, seed := range corpus {
+ f.Add(seed)
+ }
+
+ f.Fuzz(func(t *testing.T, saddr string) {
+ _, _ = parseSockaddr(saddr) // Fuzz for panics
+ })
+}

From 511aa3344429a98dbb1688569f2ea7720f94978b Mon Sep 17 00:00:00 2001
From: Andrew Kroh
Date: Mon, 20 May 2024 16:02:22 -0400
Subject: [PATCH 3/4] gofumpt --extra

---
 auparse/sockaddr.go | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/auparse/sockaddr.go b/auparse/sockaddr.go
index 059d7dd..63e4122 100644
--- a/auparse/sockaddr.go
+++ b/auparse/sockaddr.go
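Review bot: None of the four seeds in `corpus` in FuzzParseSockaddr is shorter than the length bounds this series adds, so a plain `go test` run, which exercises the fuzz target only on its seed corpus, never reaches the new checks. Adding truncated seeds would make the fix a standing regression test, e.g. (constructed values) `"", "02", "0200", "02000050", "0A000050",` appended to the slice. The fuzz body also discards both results; the error returns visible in this series all have the form `return nil, ...`, so the callback could assert that with `if data, err := parseSockaddr(saddr); err != nil && data != nil { t.Fatalf("non-nil result with error %v", err) }`, provided the branches not shown here follow the same convention.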
@@ -22,10 +22,8 @@ import (
 "strconv"
 )

-var (
- // errInvalidSockAddrSize means socket address size is invalid.
- errInvalidSockAddrSize = errors.New("invalid socket address size")
-)
+// errInvalidSockAddrSize means socket address size is invalid.
+var errInvalidSockAddrSize = errors.New("invalid socket address size")

 func parseSockaddr(s string) (map[string]string, error) {
 if len(s) < 4 {

From b1c59940902c06e1af445b180507a1af00ebd0bb Mon Sep 17 00:00:00 2001
From: Nikita Kryukov <25217914+Cravtos@users.noreply.github.com>
Date: Tue, 21 May 2024 15:40:12 +0700
Subject: [PATCH 4/4] Add `size` and `family` to `invalidSockAddrError`

---
 auparse/sockaddr.go | 28 ++++++++++++++++++++++------
 1 file changed, 22 insertions(+), 6 deletions(-)

diff --git a/auparse/sockaddr.go b/auparse/sockaddr.go
index 63e4122..aad1b1f 100644
--- a/auparse/sockaddr.go
+++ b/auparse/sockaddr.go
@@ -18,16 +18,26 @@
 package auparse

 import (
- "errors"
+ "fmt"
 "strconv"
 )

-// errInvalidSockAddrSize means socket address size is invalid.
-var errInvalidSockAddrSize = errors.New("invalid socket address size")
+// invalidSockAddrError means socket address size for family is invalid.
+type invalidSockAddrError struct {
+ family string
+ size int
+}
+
+func (e invalidSockAddrError) Error() string {
+ if e.size < 4 {
+ return fmt.Sprintf("invalid family: too short: %d", e.size)
+ }
+ return fmt.Sprintf("invalid socket address size family=%s: %d", e.family, e.size)
+}

 func parseSockaddr(s string) (map[string]string, error) {
 if len(s) < 4 {
- return nil, errInvalidSockAddrSize
+ return nil, invalidSockAddrError{size: len(s)}
 }

 addressFamily, err := hexToDec(s[2:4] + s[0:2]) // host-order
@@ -47,7 +57,10 @@ func parseSockaddr(s string) (map[string]string, error) {
 out["path"] = socket
 case 2: // AF_INET
 if len(s) < 16 {
- return nil, errInvalidSockAddrSize
+ return nil, invalidSockAddrError{
+ family: "ipv4",
+ size: len(s),
+ }
 }

 port, err := hexToDec(s[4:8])
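Review bot: `invalidSockAddrError.Error()` selects its message with `if e.size < 4`, which repeats the family-length bound from parseSockaddr rather than testing the field that actually separates the two cases. The short-input value is built as `invalidSockAddrError{size: len(s)}` with no family set, while the `"ipv4"` and `"ipv6"` values are only created after the first length check has passed, so `if e.family == "" {` picks the same branch today and stays correct if the bound ever changes. The doc comment on the type could also state that `size` is the length of the hex-encoded address string, not a byte count, since the error text prints it without a unit.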
@@ -65,7 +78,10 @@ func parseSockaddr(s string) (map[string]string, error) {
 out["port"] = strconv.Itoa(int(port))
 case 10: // AF_INET6
 if len(s) < 48 {
- return nil, errInvalidSockAddrSize
+ return nil, invalidSockAddrError{
+ family: "ipv6",
+ size: len(s),
+ }
 }

 port, err := hexToDec(s[4:8])