net: adapterAddresses() buffer overflow on Windows #53392

Closed
iamacarpet opened this issue Jun 15, 2022 · 2 comments

iamacarpet commented Jun 15, 2022

What version of Go are you using (go version)?

$ go version
go version go1.18.3 windows/amd64

Does this issue reproduce with the latest release?

Yes, code is still in the master branch

What operating system and processor architecture are you using (go env)?

windows/amd64

What did you do?

I'm trying to implement a more native interface for GetAdaptersInfo and I'm using your call for GetAdaptersAddresses as a starting point.

What did you expect to see?

I expected to see you allocating a buffer for the Windows API to load the data into, as requested by the Microsoft docs:

The application that calls the GetAdaptersAddresses function must allocate the amount of memory needed to return the IP_ADAPTER_ADDRESSES structures pointed to by the AdapterAddresses parameter.

https://docs.microsoft.com/en-us/windows/win32/api/iphlpapi/nf-iphlpapi-getadaptersaddresses#remarks

What did you see instead?

You are allocating a 1 byte buffer, while telling the Windows API the buffer is 15000 bytes in size.

I haven't been able to prove memory corruption, but we aren't using this functionality in production, or outside of a basic test script.

If the Microsoft docs are to be believed, when calling the API using this function, it will write the data structures into the next 15000 bytes of application memory, starting at the pointer address denoting the start of our 1 byte buffer slice, which should (as far as I can tell), lead to silent memory corruption.

iamacarpet changed the title from "net: adapterAddresses() on Windows" to "net: adapterAddresses() buffer overflow on Windows" on Jun 15, 2022
@seankhliao
Member

The allocation is make([]byte, l), note that is l (lowercase L) not 1.

seankhliao closed this as not planned (won't fix, can't repro, duplicate, stale) on Jun 15, 2022
@iamacarpet
Author

F*ck I'm an idiot, thanks so much for pointing that out :)

golang locked and limited conversation to collaborators on Jun 15, 2023
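
The caller-allocates contract discussed in this thread, as an added example that is not part of the issue and not Go's net package code: the buffer is allocated with the same variable `l` that is passed as its size, and the call is retried with the size the callee reports. The Windows API is simulated so the example runs anywhere; `sizedAPI`, `fetch`, `fakeAPI` and `errBufferOverflow` are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
)

// errBufferOverflow stands in for ERROR_BUFFER_OVERFLOW (simulated, no syscall).
var errBufferOverflow = errors.New("buffer overflow")

// sizedAPI models the contract: write at most *size bytes into buf; if that is
// too small, store the needed size in *size and return errBufferOverflow.
type sizedAPI func(buf []byte, size *uint32) error

// fetch allocates l bytes, passes that same l as the size, and retries.
func fetch(api sizedAPI, initial uint32) ([]byte, error) {
	l := initial
	for {
		b := make([]byte, l) // lowercase L: len(b) always equals the size passed
		err := api(b, &l)
		if err == nil {
			return b[:l], nil // on success l is the number of bytes written
		}
		if !errors.Is(err, errBufferOverflow) || l <= uint32(len(b)) {
			return nil, err // other error, or callee asked for no more space
		}
	}
}

// fakeAPI is a constructed callee that needs len(data) bytes and counts calls.
func fakeAPI(data []byte, calls *int) sizedAPI {
	return func(buf []byte, size *uint32) error {
		*calls++
		if int(*size) > len(buf) {
			panic("caller claimed more space than it allocated")
		}
		if int(*size) < len(data) {
			*size = uint32(len(data))
			return errBufferOverflow
		}
		*size = uint32(copy(buf, data))
		return nil
	}
}

func main() {
	calls := 0
	out, err := fetch(fakeAPI(make([]byte, 20000), &calls), 15000)
	fmt.Println(len(out), calls, err) // 20000 2 <nil>
}
```

The panic in `fakeAPI` marks the condition the issue was worried about: a claimed size larger than the allocation. It cannot fire from `fetch` because both values come from `l`.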