Command: ./rsacvt $POC
POC: https://github.com/Loginsoft-Research/libgcrypt/blob/master/rsacvt_POC?raw=true
ASan output:
=================================================================
==23073==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000208 at pc 0x7f4a8bfd021a bp 0x7fffebda4010 sp 0x7fffebda4000
READ of size 8 at 0x602000000208 thread T0
    #0 0x7f4a8bfd0219 in _gcry_mpi_tdiv_qr /libgcrypt/mpi/mpi-div.c:209
    #1 0x7f4a8bfd383f in _gcry_mpi_fdiv_qr /libgcrypt/mpi/mpi-div.c:104
    #2 0x7f4a8bfd383f in _gcry_mpi_fdiv_q /libgcrypt/mpi/mpi-div.c:89
    #3 0x7f4a8bfd383f in _gcry_mpi_div /libgcrypt/mpi/mpi-div.c:349
    #4 0x55a85dcb2e05 in compute_missing /libgcrypt/tests/rsacvt.c:226
    #5 0x55a85dcb2e05 in main /libgcrypt/tests/rsacvt.c:388
    #6 0x7f4a8b598b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #7 0x55a85dcb38c9 in _start (/libgcrypt/tests/rsacvt+0x48c9)

0x602000000208 is located 8 bytes to the left of 8-byte region [0x602000000210,0x602000000218)
allocated by thread T0 here:
    #0 0x7f4a8c1b1b50 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb50)
    #1 0x7f4a8bbe79a4 in do_malloc /libgcrypt/src/global.c:920
    #2 0x7f4a8bbe79a4 in _gcry_malloc /libgcrypt/src/global.c:942
    #3 0x7f4a8bbe79a4 in _gcry_xmalloc /libgcrypt/src/global.c:1116
    #4 0x7f4a8bbe79a4 in _gcry_xcalloc /libgcrypt/src/global.c:1178

SUMMARY: AddressSanitizer: heap-buffer-overflow /libgcrypt/mpi/mpi-div.c:209 in _gcry_mpi_tdiv_qr
Shadow bytes around the buggy address:
  0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff8000: fa fa 00 fa fa fa 00 fa fa fa 00 fa fa fa 00 fa
  0x0c047fff8010: fa fa 00 fa fa fa 00 fa fa fa fd fa fa fa 00 fa
  0x0c047fff8020: fa fa fd fa fa fa 00 fa fa fa fd fa fa fa 00 fa
  0x0c047fff8030: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa fd fa
=>0x0c047fff8040: fa[fa]00 fa fa fa 00 fa fa fa 00 fa fa fa fa fa
  0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==23073==ABORTING