Archive

Archive for July, 2014

CVE-2014-4715 Analysis

July 11, 2014 Leave a comment

Its a integer overflow vulnerability in┬áLZ4 ‘lz4.c’. if we see the patch at https://code.google.com/p/lz4/source/diff?spec=svn119&r=119&format=side&path=/trunk/lz4.c

they have added following conditions:

/* overflow detection */
926 if ((sizeof(void*)==4) && unlikely((size_t)(op+length)<(size_t)(op))) goto _output_error; /* quickfix issue 134 */
927 if ((endOnInput) && (sizeof(void*)==4) && unlikely((size_t)(ip+length)<(size_t)(ip))) goto _output_error; /* quickfix issue 134 */

 

//if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error; /* overflow detection */
967 if ((sizeof(void*)==4) && unlikely((size_t)(op+length)<(size_t)op)) goto _output_error; /* quickfix issue 134 */

as you may have figured out, we are adding some value to variable ip and then we are checking if some is less then the value of ip. this will be only true in case of integer overflow.simillar check is added for op variable.

 

Thanks,

Hardik

Categories: 0 day analysis
%d bloggers like this: