blast-dbf's Introduction

blast-dbf

blast-dbf is a command line utility to convert DBC files to DBF (file format from the XBASE family of databases).

The DBC file format is basically a DBF file compressed with the "implode" algorithm from PKWare's Data Compression Library (DCL).

This decompression utility is based on the blast decompressor by Mark Adler.

## Usage

Just run the blast-dbf command line utility with the input filename (DBC) followed by the output filename (DBF):

    ./blast-dbf input.dbc output.dbf

## Example

    ./blast-dbf < sids.dbc | cmp - sids.dbf

blast-dbf's Issues

Stack overflow causes out-of-bounds write through malformed input file

Malformed input DBC file (attached below) causes out-of-bounds write due to missing check.

Run: (File crash01 zipped and attached below.)

    ./blast-dbf crash01 /dev/null

Gives the output:

    blast-dbf.c:66:19: runtime error: variable length array bound evaluates to non-positive value 0
    =================================================================
    ==3684929==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0x7ffd8ed60e9f at pc 0x5633cca583c5 bp 0x7ffd8ed60e60 sp 0x7ffd8ed60e50
    WRITE of size 1 at 0x7ffd8ed60e9f thread T0
        #0 0x5633cca583c4 in dbc2dbf /home/ub/blast-dbf/blast-dbf.c:70
        #1 0x5633cca48f4e in main /home/ub/blast-dbf/blast-dbf.c:118
        #2 0x7f7765e75d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
        #3 0x7f7765e75e3f in __libc_start_main_impl ../csu/libc-start.c:392
        #4 0x5633cca49314 in _start (/home/ub/blast-dbf/blast-dbf+0xc314)

    Address 0x7ffd8ed60e9f is located in stack of thread T0
    SUMMARY: AddressSanitizer: dynamic-stack-buffer-overflow /home/ub/blast-dbf/blast-dbf.c:70 in dbc2dbf
    ==3684929==ABORTING

Crash analysis:
The issue is on blast-dbf.c:70:

    buf[header-1] = 0x0D;

With a specially crafted DBC file, I can force the header to evaluate to 0, causing 0x0D to be written to buf[-1], which is an out-of-bounds write. This crashes the program and may lead to denial of service for downstream services. I will raise a PR to fix this and a CVE to account for this bug, as there are multiple downstream projects in multiple languages (Python, R from what I've seen) that make use of this code.

crash01.zip
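
The missing check described in the issue above, written out as an added example; this is not the project's code or the fix from the PR. The helper name `copy_header_checked`, the length field at offset 8, and the 33-byte minimum are assumptions taken from the DBF layout, not from the page.

```c
#include <stdio.h>
#include <string.h>

/* Assumptions (not from the page): the header length is the 16-bit
 * little-endian field at offset 8, and a header is at least 33 bytes
 * (32-byte fixed part plus the 0x0D terminator), as in the DBF layout. */
#define HDR_LEN_OFF 8
#define HDR_MIN     33

enum { HDR_OK = 0, HDR_TRUNCATED = -1, HDR_BAD_LENGTH = -2, HDR_NO_SPACE = -3 };

/* Hypothetical helper: copy the header from `in` to `out` and terminate it.
 * Every length taken from the file is checked before it is used as an
 * index or a size, so a declared length of 0 can never reach out[-1]. */
int copy_header_checked(const unsigned char *in, size_t in_len,
                        unsigned char *out, size_t out_cap, size_t *hdr_len)
{
    if (in_len < HDR_LEN_OFF + 2)
        return HDR_TRUNCATED;              /* length field itself is missing */
    size_t header = (size_t)in[HDR_LEN_OFF] | ((size_t)in[HDR_LEN_OFF + 1] << 8);
    if (header < HDR_MIN)
        return HDR_BAD_LENGTH;             /* covers the header == 0 case */
    if (header > in_len)
        return HDR_TRUNCATED;              /* file is shorter than it claims */
    if (header > out_cap)
        return HDR_NO_SPACE;               /* fixed buffer, no input-sized VLA */
    memcpy(out, in, header);
    out[header - 1] = 0x0D;                /* safe: header >= HDR_MIN > 0 */
    *hdr_len = header;
    return HDR_OK;
}

int main(void)
{
    unsigned char file[64] = {0}, out[65536];   /* constructed sample input */
    size_t n = 0;
    file[HDR_LEN_OFF] = 0;                      /* declared header length 0 */
    int rc = copy_header_checked(file, sizeof file, out, sizeof out, &n);
    printf("length 0  -> %d\n", rc);
    file[HDR_LEN_OFF] = 33;                     /* smallest accepted header */
    rc = copy_header_checked(file, sizeof file, out, sizeof out, &n);
    printf("length 33 -> %d, last byte 0x%02X\n", rc, out[n - 1]);
    return 0;
}
```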

License

Hi everyone!

I would like to know what the license of this project is. I'm planning to create a conda package for this project and I need this information.

Thanks.
