Detecting Bug in libtasn1-4.13 by fuzzing.

Description of problem:

The program was killed when running asn1Parser to process a file.

Version of libtasn1 used:

libtasn1-4.13

Distributor of libtasn1 (e.g., Ubuntu, Fedora, RHEL)

Ubuntu

How reproducible:

Steps to Reproduce:

  • install libtasn1-4.13
  • ./asn1Parser -c id:000000,sig:11,src:000721,op:havoc,rep:2

Note that: id:000000,sig:11,src:000721,op:havoc,rep:2 is in the attachment named Bug1-POC

Expected results:

stly@ubuntu:~/Documents/TargetFuzz/Benchmark/libtasn1-4.13/out-AFL-Org$ ../installed-Org/bin/asn1Parser -c crashes/id\:000000\,sig\:11\,src\:000721\,op\:havoc\,rep\:1234: 
crashes/id:000000,sig:11,src:000721,op:havoc,rep:2:23: Warning: UniversalString is a built-in ASN.1 type.
crashes/id:000000,sig:11,src:000721,op:havoc,rep:2:56: Warning: VisibleString is a built-in ASN.1 type.
crashes/id:000000,sig:11,src:000721,op:havoc,rep:2:58: Warning: NumericString is a built-in ASN.1 type.
crashes/id:000000,sig:11,src:000721,op:havoc,rep:2:60: Warning: IA5String is a built-in ASN.1 type.
crashes/id:000000,sig:11,src:000721,op:havoc,rep:2:62: Warning: TeletexString is a built-in ASN.1 type.
crashes/id:000000,sig:11,src:000721,op:havoc,rep:2:64: Warning: PrintableString is a built-in ASN.1 type.
crashes/id:000000,sig:11,src:000721,op:havoc,rep:2:66: Warning: UniversalString is a built-in ASN.1 type.
crashes/id:000000,sig:11,src:000721,op:havoc,rep:2:92: Warning: VisibleString is a built-in ASN.1 type.
crashes/id:000000,sig:11,src:000721,op:havoc,rep:2:94: Warning: NumericString is a built-in ASN.1 type.
crashes/id:000000,sig:11,src:000721,op:havoc,rep:2:96: Warning: IA5String is a built-in ASN.1 type.
crashes/id:000000,sig:11,src:000721,op:havoc,rep:2:98: Warning: TeletexString is a built-in ASN.1 type.
crashes/id:000000,sig:11,src:000721,op:havoc,rep:2:100: Warning: PrintableString is a built-in ASN.1 type.
crashes/id:000000,sig:11,src:000721,op:havoc,rep:2:102: Warning: UniversalString is a built-in ASN.1 type.
crashes/id:000000,sig:11,src:000721,op:havoc,rep:2:105: Warning: BMPString is a built-in ASN.1 type.
crashes/id:000000,sig:11,src:000721,op:havoc,rep:2:126: Warning: VisibleString is a built-in ASN.1 type.
crashes/id:000000,sig:11,src:000721,op:havoc,rep:2:128: Warning: NumericString is a built-in ASN.1 type.
crashes/id:000000,sig:11,src:000721,op:havoc,rep:2:130: Warning: IA5String is a built-in ASN.1 type.
crashes/id:000000,sig:11,src:000721,op:havoc,rep:2:132: Warning: TeletexString is a built-in ASN.1 type.
crashes/id:000000,sig:11,src:000721,op:havoc,rep:2:134: Warning: PrintableString is a built-in ASN.1 type.
crashes/id:000000,sig:11,src:000721,op:havoc,rep:2:136: Warning: UniversalString is a built-in ASN.1 type.
crashes/id:000000,sig:11,src:000721,op:havoc,rep:2:163: Warning: VisibleString is a built-in ASN.1 type.
crashes/id:000000,sig:11,src:000721,op:havoc,rep:2:165: Warning: NumericString is a built-in ASN.1 type.
crashes/id:000000,sig:11,src:000721,op:havoc,rep:2:167: Warning: IA5String is a built-in ASN.1 type.
crashes/id:000000,sig:11,src:000721,op:havoc,rep:2:169: Warning: TeletexString is a built-in ASN.1 type.
crashes/id:000000,sig:11,src:000721,op:havoc,rep:2:171: Warning: PrintableString is a built-in ASN.1 type.
Killed

In addition, the CPU usage will reach nearly 100%.

Attachments: Bug1-POC, Bug1-CrashDump

Edited by stuartly