Bug 1652611

Summary: There is an illegal address access at liblas::SpatialReference::GetGTIF() (src/spatialreference.cpp:532) in libLAS which will cause a DoS attack.
Product: [Fedora] Fedora
Reporter: shuitao gan <ganshuitao>
Component: liblas
Assignee: Sandro Mani <manisandro>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent
Priority: unspecified
Version: 31
CC: devrim
Hardware: All   
OS: All   
Fixed In Version: liblas-1.8.1-5.fc32 liblas-1.8.1-5.fc31
Last Closed: 2020-04-25 02:22:30 UTC
Type: Bug
Attachments:
Description: ./las2pg POC2; Flags: none

Description shuitao gan 2018-11-22 13:16:24 UTC
Created attachment 1507937
./las2pg POC2

version: libLAS2.4
Summary: 

There is an illegal address access at liblas::SpatialReference::GetGTIF() (src/spatialreference.cpp:532) in libLAS which will cause a DoS attack.

Description:

The gdb debug is as follows:

$./las2pg POC2 

ASAN:SIGSEGV
=================================================================
==40202==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fce7b1236fa bp 0x7ffc9bbfdda0 sp 0x7ffc9bbfd528 T0)
    #0 0x7fce7b1236f9 in strlen (/lib/x86_64-linux-gnu/libc.so.6+0x8b6f9)
    #1 0x7fce7b967605 in __interceptor_strlen (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x70605)
    #2 0x7fce7b47904e in ST_SetKey (/usr/lib/x86_64-linux-gnu/libgeotiff.so.2+0x1704e)
    #3 0x7fce7a4a6749 in liblas::SpatialReference::GetGTIF() /home/company/real_sanitize/libLAS-master/src/spatialreference.cpp:532
    #4 0x7fce7a4a8681 in liblas::SpatialReference::SpatialReference(std::vector<liblas::VariableRecord, std::allocator<liblas::VariableRecord> > const&) /home/company/real_sanitize/libLAS-master/src/spatialreference.cpp:102
    #5 0x7fce7a4fed58 in liblas::detail::reader::Header::ReadVLRs() /home/company/real_sanitize/libLAS-master/src/detail/reader/header.cpp:389
    #6 0x7fce7a50253d in liblas::detail::reader::Header::ReadHeader() /home/company/real_sanitize/libLAS-master/src/detail/reader/header.cpp:272
    #7 0x7fce7a44c1f6 in liblas::ReaderFactory::CreateWithStream(std::istream&) /home/company/real_sanitize/libLAS-master/src/factory.cpp:92
    #8 0x7fce7b6cad4f in LASReader_Create /home/company/real_sanitize/libLAS-master/src/c_api.cpp:248
    #9 0x403701 in main /home/company/real_sanitize/libLAS-master/apps/las2pg.c:424
    #10 0x7fce7b0b8a3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
    #11 0x404b88 in _start (/home/company/real_sanitize/libLAS-master/build/install/bin/las2pg+0x404b88)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 strlen
==40202==ABORTING
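
A triage sketch for the AddressSanitizer report above, added here as an example (it is not part of the original report or of libLAS): it classifies the fault address and picks the first frame with source information as the crash bucket. The `triage` function and its result fields are hypothetical names; the embedded excerpt is the header and frames #0-#4 from this bug.

```python
import re

# Excerpt of the AddressSanitizer report quoted in this bug (header, frames #0-#4).
REPORT = """\
==40202==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fce7b1236fa bp 0x7ffc9bbfdda0 sp 0x7ffc9bbfd528 T0)
    #0 0x7fce7b1236f9 in strlen (/lib/x86_64-linux-gnu/libc.so.6+0x8b6f9)
    #1 0x7fce7b967605 in __interceptor_strlen (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x70605)
    #2 0x7fce7b47904e in ST_SetKey (/usr/lib/x86_64-linux-gnu/libgeotiff.so.2+0x1704e)
    #3 0x7fce7a4a6749 in liblas::SpatialReference::GetGTIF() /home/company/real_sanitize/libLAS-master/src/spatialreference.cpp:532
    #4 0x7fce7a4a8681 in liblas::SpatialReference::SpatialReference(std::vector<liblas::VariableRecord, std::allocator<liblas::VariableRecord> > const&) /home/company/real_sanitize/libLAS-master/src/spatialreference.cpp:102
"""

HEADER = re.compile(r"AddressSanitizer: (\S+) on unknown address (0x[0-9a-f]+)")
# "#N 0xPC in <symbol> <location>": the symbol may contain spaces (C++
# templates), so match it lazily and anchor the location at end of line.
FRAME = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (.+?) (\(\S+\+0x[0-9a-f]+\)|/\S+:\d+)$")

def triage(report, page_size=4096):
    """Summarise an ASan SEGV: fault class, faulting call, first frame with source."""
    m = HEADER.search(report)
    if not m:
        raise ValueError("no AddressSanitizer SEGV header found")
    addr = int(m.group(2), 16)
    frames = []
    for line in report.splitlines():
        f = FRAME.match(line)
        if f:
            loc = f.group(3)
            # "(module+0xoff)" frames have no debug info; "path:line" frames do.
            frames.append({"n": int(f.group(1)), "symbol": f.group(2),
                           "loc": loc, "has_source": not loc.startswith("(")})
    if not frames:
        raise ValueError("no stack frames parsed")
    # Skip sanitizer interceptors so the bucket names the real call chain.
    real = [f for f in frames if not f["symbol"].startswith("__interceptor_")]
    blame = next((f for f in real if f["has_source"]), None)
    return {
        "signal": m.group(1),
        # An address inside the first page means a NULL (or NULL+offset) pointer.
        "fault": "null-deref" if addr < page_size else "wild-address",
        "faulting_call": real[0]["symbol"],
        "via": [f["symbol"] for f in real[1:] if blame and f["n"] < blame["n"]],
        "blame": blame and blame["loc"].rsplit("/", 1)[-1],
    }
```

For this report the result is a null dereference in `strlen`, reached via `ST_SetKey`, bucketed at `spatialreference.cpp:532`.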

Comment 1 Ben Cotton 2019-08-13 16:57:34 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle.
Changing version to '31'.

Comment 2 Ben Cotton 2019-08-13 19:40:27 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle.
Changing version to 31.

Comment 3 Fedora Admin XMLRPC Client 2020-03-04 04:18:54 UTC
This package has changed maintainer in Fedora.
Reassigning to the new maintainer of this component.

Comment 4 Fedora Admin XMLRPC Client 2020-04-14 16:43:15 UTC
This package has changed maintainer in Fedora.
Reassigning to the new maintainer of this component.

Comment 5 Fedora Update System 2020-04-14 20:14:15 UTC
FEDORA-2020-6dbbecb893 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-6dbbecb893

Comment 6 Fedora Update System 2020-04-14 20:14:16 UTC
FEDORA-2020-b0695fcdf7 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2020-b0695fcdf7

Comment 7 Fedora Update System 2020-04-15 19:57:54 UTC
FEDORA-2020-b0695fcdf7 has been pushed to the Fedora 31 testing repository.
In a short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-b0695fcdf7`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-b0695fcdf7

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 8 Fedora Update System 2020-04-16 19:27:56 UTC
FEDORA-2020-6dbbecb893 has been pushed to the Fedora 32 testing repository.
In a short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-6dbbecb893`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-6dbbecb893

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 9 Fedora Update System 2020-04-25 02:22:30 UTC
FEDORA-2020-6dbbecb893 has been pushed to the Fedora 32 stable repository.
If the problem still persists, please make note of it in this bug report.

Comment 10 Fedora Update System 2020-04-25 03:00:44 UTC
FEDORA-2020-b0695fcdf7 has been pushed to the Fedora 31 stable repository.
If the problem still persists, please make note of it in this bug report.