CVE-2023-29995: [Bug] Heap-based Buffer Overflow in `mqtt_parser.c` - `copyn_utf8_str()` · Issue #1043 · emqx/nanomq

In NanoMQ v0.15.0-0, a heap overflow occurs in the `copyn_utf8_str` function of `mqtt_parser.c`.

==88333==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 168 byte(s) in 1 object(s) allocated from:
#0 0x7fb518c98a37 in __interceptor_calloc …/…/…/…/src/libsanitizer/asan/asan_malloc_linux.cpp:154
#1 0x564ecf7d6fb5 in nni_zalloc /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/platform/posix/posix_alloc.c:26
#2 0x564ecf7c0f6b in nni_msg_alloc /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/message.c:387
#3 0x564ecfb348d4 in tcptran_pipe_recv_cb /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/sp/transport/mqtt/broker_tcp.c:766
#4 0x564ecf7d13af in nni_taskq_thread /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/taskq.c:50
#5 0x564ecf7d2767 in nni_thr_wrap /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/thread.c:94
#6 0x564ecf7db91c in nni_plat_thr_main /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/platform/posix/posix_thread.c:266
#7 0x7fb518570b42 in start_thread nptl/pthread_create.c:442

Direct leak of 168 byte(s) in 1 object(s) allocated from:
#0 0x7fb518c98a37 in __interceptor_calloc …/…/…/…/src/libsanitizer/asan/asan_malloc_linux.cpp:154
#1 0x564ecf7d6fb5 in nni_zalloc /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/platform/posix/posix_alloc.c:26
#2 0x564ecf7c0f6b in nni_msg_alloc /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/message.c:387
#3 0x564ecf80390a in nano_pipe_start /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/sp/protocol/mqtt/nmq_mqtt.c:616
#4 0x564ecf7cdc88 in nni_listener_add_pipe /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/socket.c:1601
#5 0x564ecf7be3c1 in listener_accept_cb /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/listener.c:357
#6 0x564ecf7d13af in nni_taskq_thread /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/taskq.c:50
#7 0x564ecf7d2767 in nni_thr_wrap /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/thread.c:94
#8 0x564ecf7db91c in nni_plat_thr_main /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/platform/posix/posix_thread.c:266
#9 0x7fb518570b42 in start_thread nptl/pthread_create.c:442

Direct leak of 168 byte(s) in 1 object(s) allocated from:
#0 0x7fb518c98a37 in __interceptor_calloc …/…/…/…/src/libsanitizer/asan/asan_malloc_linux.cpp:154
#1 0x564ecf7d6fb5 in nni_zalloc /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/platform/posix/posix_alloc.c:26
#2 0x564ecf7c0f6b in nni_msg_alloc /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/message.c:387
#3 0x564ecfb33fa4 in tcptran_pipe_recv_cb /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/sp/transport/mqtt/broker_tcp.c:670
#4 0x564ecf7d13af in nni_taskq_thread /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/taskq.c:50
#5 0x564ecf7d2767 in nni_thr_wrap /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/thread.c:94
#6 0x564ecf7db91c in nni_plat_thr_main /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/platform/posix/posix_thread.c:266
#7 0x7fb518570b42 in start_thread nptl/pthread_create.c:442

Indirect leak of 66 byte(s) in 1 object(s) allocated from:
#0 0x7fb518c98a37 in __interceptor_calloc …/…/…/…/src/libsanitizer/asan/asan_malloc_linux.cpp:154
#1 0x564ecf7d6fb5 in nni_zalloc /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/platform/posix/posix_alloc.c:26
#2 0x564ecf7bfd46 in nni_chunk_grow /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/message.c:158
#3 0x564ecf7c0fbb in nni_msg_alloc /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/message.c:397
#4 0x564ecfb33fa4 in tcptran_pipe_recv_cb /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/sp/transport/mqtt/broker_tcp.c:670
#5 0x564ecf7d13af in nni_taskq_thread /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/taskq.c:50
#6 0x564ecf7d2767 in nni_thr_wrap /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/thread.c:94
#7 0x564ecf7db91c in nni_plat_thr_main /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/platform/posix/posix_thread.c:266
#8 0x7fb518570b42 in start_thread nptl/pthread_create.c:442

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x7fb518c98a37 in __interceptor_calloc …/…/…/…/src/libsanitizer/asan/asan_malloc_linux.cpp:154
#1 0x564ecf7d6fb5 in nni_zalloc /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/platform/posix/posix_alloc.c:26
#2 0x564ecf7bfd46 in nni_chunk_grow /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/message.c:158
#3 0x564ecf7c0fbb in nni_msg_alloc /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/message.c:397
#4 0x564ecfb348d4 in tcptran_pipe_recv_cb /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/sp/transport/mqtt/broker_tcp.c:766
#5 0x564ecf7d13af in nni_taskq_thread /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/taskq.c:50
#6 0x564ecf7d2767 in nni_thr_wrap /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/thread.c:94
#7 0x564ecf7db91c in nni_plat_thr_main /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/platform/posix/posix_thread.c:266
#8 0x7fb518570b42 in start_thread nptl/pthread_create.c:442

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x7fb518c98a37 in __interceptor_calloc …/…/…/…/src/libsanitizer/asan/asan_malloc_linux.cpp:154
#1 0x564ecf7d6fb5 in nni_zalloc /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/platform/posix/posix_alloc.c:26
#2 0x564ecf7bfd46 in nni_chunk_grow /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/message.c:158
#3 0x564ecf7c0fbb in nni_msg_alloc /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/message.c:397
#4 0x564ecf80390a in nano_pipe_start /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/sp/protocol/mqtt/nmq_mqtt.c:616
#5 0x564ecf7cdc88 in nni_listener_add_pipe /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/socket.c:1601
#6 0x564ecf7be3c1 in listener_accept_cb /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/listener.c:357
#7 0x564ecf7d13af in nni_taskq_thread /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/taskq.c:50
#8 0x564ecf7d2767 in nni_thr_wrap /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/thread.c:94
#9 0x564ecf7db91c in nni_plat_thr_main /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/platform/posix/posix_thread.c:266
#10 0x7fb518570b42 in start_thread nptl/pthread_create.c:442

SUMMARY: AddressSanitizer: 698 byte(s) leaked in 6 allocation(s).
