[Bug 3382] New: Software vulnerabilities detected using ESBMC-WR tool

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Jan 20 14:38:12 AEDT 2022


https://bugzilla.mindrot.org/show_bug.cgi?id=3382

            Bug ID: 3382
           Summary: Software vulnerabilities detected using ESBMC-WR tool
           Product: Portable OpenSSH
           Version: 8.8p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: security
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: janislley at gmail.com

Hello,

2 potential software vulnerabilities were found in the code.
To identify this kind of vulnerability I used the tool ESBMC-WR:
https://github.com/thalestas/esbmc-wr

Please check the analysis logs:

Issue #1
--------

State 2 file syserr.c line 4 function strerror thread 0
----------------------------------------------------
errnum = -2147483648 (10000000 00000000 00000000 00000000)

State 3 file syserr.c line 108 function strerror thread 0
----------------------------------------------------
Violated property:
file syserr.c line 108 function strerror
array bounds violated: array `sys_errlist' lower bound
(signed long int)errnum >= 0

Issue #2
--------

State 3 file utimensattest.c line 46 function fail thread 0
----------------------------------------------------
saved_errno = -2147483648 (10000000 00000000 00000000 00000000)

State 4 file syserr.c line 4 function strerror thread 0
----------------------------------------------------
errnum = -2147483648 (10000000 00000000 00000000 00000000)

State 5 file syserr.c line 108 function strerror thread 0
----------------------------------------------------
Violated property:
file syserr.c line 108 function strerror
array bounds violated: array `sys_errlist' lower bound
(signed long int)errnum >= 0

-- 
You are receiving this mail because:
You are watching the assignee of the bug.