Community Packages

Please read this before reporting a bug:
http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#67531 - [fcrackzip] buffer overflow

Attached to Project: Community Packages
Opened by Alexandre ZANNI (noraj) - Saturday, 08 August 2020, 15:21 GMT
Last edited by freswa (frederik) - Saturday, 08 August 2020, 16:08 GMT
Task Type Bug Report
Category Packages
Status Assigned
Assigned To Filipe LaĆ­ns (FFY00)
Architecture x86_64
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 1
Private No

Details

Description:

When trying to crack a zip, it end in a BoF:
*** buffer overflow detected ***: terminated
[1] 27988 abort (core dumped)

Additional info:
* package version(s): 1.0-6

Steps to reproduce:

fcrackzip -D -p /usr/share/wordlists/password/rockyou.txt my.zip
This task depends upon

Comment by Alexandre ZANNI (noraj) - Saturday, 08 August 2020, 15:26 GMT
Manually compiling the binary and it works without crashing. Was it built old libs?

```
$ ldd /tmp/fcrackzip-1.0/fcrackzip
linux-vdso.so.1 (0x00007fff925cc000)
libc.so.6 => /usr/lib/libc.so.6 (0x00007fbda5949000)
/lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x00007fbda5b69000)
```

```
$ ldd /usr/bin/fcrackzip
linux-vdso.so.1 (0x00007fff18b1f000)
libc.so.6 => /usr/lib/libc.so.6 (0x00007f78b905d000)
/lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x00007f78b927d000)
```

```
strace fcrackzip -D -p /usr/share/wordlists/password/rockyou.txt my.zip
execve("/usr/bin/fcrackzip", ["fcrackzip", "-D", "-p", "/usr/share/wordlists/password/ro"..., "my.zip"], 0x7ffdebea2360 /* 74 vars */) = 0
brk(NULL) = 0x5639af2f6000
arch_prctl(0x3001 /* ARCH_??? */, 0x7ffe552921e0) = -1 EINVAL (Invalid argument)
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=281360, ...}) = 0
mmap(NULL, 281360, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f854efac000
close(3) = 0
openat(AT_FDCWD, "/usr/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@q\2\0\0\0\0\0"..., 832) = 832
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
pread64(3, "\4\0\0\0\20\0\0\0\5\0\0\0GNU\0\2\0\0\300\4\0\0\0\3\0\0\0\0\0\0\0", 32, 848) = 32
pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0\346~\200\347\6\31qw\t\343\30\16U*\21\242"..., 68, 880) = 68
fstat(3, {st_mode=S_IFREG|0755, st_size=2146832, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f854efaa000
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
pread64(3, "\4\0\0\0\20\0\0\0\5\0\0\0GNU\0\2\0\0\300\4\0\0\0\3\0\0\0\0\0\0\0", 32, 848) = 32
pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0\346~\200\347\6\31qw\t\343\30\16U*\21\242"..., 68, 880) = 68
mmap(NULL, 1860456, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f854ede3000
mprotect(0x7f854ee08000, 1671168, PROT_NONE) = 0
mmap(0x7f854ee08000, 1363968, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x25000) = 0x7f854ee08000
mmap(0x7f854ef55000, 303104, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x172000) = 0x7f854ef55000
mmap(0x7f854efa0000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1bc000) = 0x7f854efa0000
mmap(0x7f854efa6000, 13160, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f854efa6000
close(3) = 0
arch_prctl(ARCH_SET_FS, 0x7f854efab580) = 0
mprotect(0x7f854efa0000, 12288, PROT_READ) = 0
mprotect(0x5639ae166000, 4096, PROT_READ) = 0
mprotect(0x7f854f01c000, 4096, PROT_READ) = 0
munmap(0x7f854efac000, 281360) = 0
writev(2, [{iov_base="*** ", iov_len=4}, {iov_base="buffer overflow detected", iov_len=24}, {iov_base=" ***: terminated\n", iov_len=17}], 3*** buffer overflow detected ***: terminated
) = 45
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f854f01b000
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
getpid() = 31717
gettid() = 31717
tgkill(31717, 31717, SIGABRT) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
--- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=31717, si_uid=1000} ---
+++ killed by SIGABRT (core dumped) +++
[1] 31714 abort (core dumped) strace fcrackzip -D -p /usr/share/wordlists/password/rockyou.txt
```

Loading...