30 Days of Bugs: Day 10

Welcome to "30 Days of Bugs," a campaign by 3Flatline, a startup that's all about making code safer. Our product, the Dixie Code Scanner, is enabled by AI and machine learning (but also lots of normal and boring regular processes) to catch vulnerabilities that other tools miss. It doesn’t just find bugs; it also suggests fixes and writes test code to see if those vulnerabilities can be exploited. We're sharing a new bug every day from open-source projects to show just how powerful the Dixie Code Scanner is. These are real bugs that other tools didn't catch, highlighting that our scanner can make a real difference for developers and security researchers.

This is real output from our code scanner, minus the “tests” or code to help exploit the vulnerability (for obvious reasons). One day, we hope that we can stop prioritizing bugs based on CVEs and just automatically fix security vulnerabilities. Until then, we leverage the below output to reduce the amount of time you spend validating false positives or figuring out what your scanner is telling you.

And yes, for all you sneaky researchers out there: we have an offline version, including the LLM, that can be run locally or deployed into your tenant to keep your code secret and safe.

If you want to learn more, check out https://3flatline.ai or reach out to me here on LinkedIn. I’m happy to talk or give out free trial codes!

Today’s bug showcases Dixie's ability to work on assembly languages and comes from . . .


Improper Input Validation in the wifi driver in MikroTik RouterOS.

https://mikrotik.com/download

File:

routeros-7.15.3-arm64/fileSystem/bndl/wifi/nova/bin/ww2

Code Description:

The code defines a member function named `get` within the `Packet` class of the `radius` namespace. This function takes four parameters: two unsigned 32-bit integers (`arg1` and `arg2`), a pointer to a string (`arg3`), and another unsigned 32-bit integer (`arg4`). The function appears to be designed to retrieve or process some data related to a packet, but instead of implementing any logic, it makes a tail call to itself, effectively creating a recursive loop. This could lead to infinite recursion unless there is an external mechanism to break the cycle, as there is no base case or termination condition provided in the code snippet. The return type of the function is `int32_t`, indicating that it is expected to return a signed 32-bit integer value, but the current implementation does not provide a meaningful return value.

Vuln Class: Improper Input Validation

Summary:

   return radius::Packet::get(arg1, arg2, arg3, arg4);        

The function get is recursively calling itself without any validation on the input parameters arg1, arg2, arg3, and arg4. If these parameters are not properly validated before the recursive call, it can lead to issues such as infinite recursion or stack overflow if the function is called with certain values. For instance, if arg1 or arg2 are set to values that cause the function to enter an infinite loop, the program will eventually crash due to stack exhaustion. Proper input validation should be implemented to ensure that the parameters meet expected criteria before proceeding with the recursive call.

Assessment:

Report: True

Confidence Level: Medium confidence.

The report accurately identifies the lack of input validation in the recursive function call, which can lead to infinite recursion or stack overflow. However, the specific conditions under which this occurs depend on the broader context of how the function is used, which is not provided in the code snippet.
