Opened 8 years ago
Closed 4 years ago
#4787 closed defect (fixed)
Buffer Overflow security vulnerability in ParModelica
| Reported by: | | Owned by: | Mahder Alemseged Gebremedhin |
|---|---|---|---|
| Priority: | high | Milestone: | |
| Component: | ParModelica | Version: | |
| Keywords: | | Cc: | |
Description
While looking through the code within the OMCompiler, a buffer overflow vulnerability was identified. This implies a user can change the execution flow of the program by overflowing the options variable using the environment variable "OPENMODELICAHOME".
The link below shows where the options variable (of size 100 chars) has the environment variable "OPENMODELICAHOME" concatenated to it:
https://github.com/OpenModelica/OMCompiler/blob/372119f675c2e26d1aef42f3e7aa84b7979bf3cf/SimulationRuntime/ParModelica/explicit/openclrt/ocl_offcomp.c#L92
If we fill the environment variable with values of size > 300, it will overflow the intended size of the variable and cause a crash in the program. This can then be manipulated to change the execution flow of the program.
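The pattern described in this ticket next to a bounded alternative, as an added example that is neither OpenModelica's code nor the fix in 583a32. Only the 100-char buffer and the `OPENMODELICAHOME` variable come from the ticket; the function names and the option prefix/suffix are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define OPTIONS_SIZE 100  /* size of the options buffer stated in the ticket */

/* Constructed prefix/suffix; the real option text is not shown on this page. */
static const char *PREFIX = "-I\"";
static const char *SUFFIX = "/include/\"";

/* Pattern the ticket describes: unbounded concatenation into a fixed buffer.
 * Writes past `options` once strlen(home) exceeds the remaining space. */
void build_options_unsafe(char options[OPTIONS_SIZE], const char *home)
{
    strcpy(options, PREFIX);
    strcat(options, home);      /* no length check */
    strcat(options, SUFFIX);
}

/* Hardened form: bounded formatting, truncation treated as an error.
 * Returns 0 on success, -1 if home is NULL or the result does not fit. */
int build_options_checked(char *options, size_t size, const char *home)
{
    if (options == NULL || size == 0)
        return -1;
    options[0] = '\0';
    if (home == NULL)
        return -1;
    int n = snprintf(options, size, "%s%s%s", PREFIX, home, SUFFIX);
    if (n < 0 || (size_t)n >= size) {
        options[0] = '\0';      /* never pass on a silently truncated path */
        return -1;
    }
    return 0;
}

int main(void)
{
    char options[OPTIONS_SIZE];
    const char *home = getenv("OPENMODELICAHOME");  /* environment-controlled input */
    if (build_options_checked(options, sizeof options, home) != 0) {
        fprintf(stderr, "OPENMODELICAHOME unset or too long\n");
        return 1;
    }
    printf("options: %s\n", options);
    return 0;
}
```

Rejecting an over-long value, rather than truncating it, avoids building options that point at a different path than the one configured.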
Change History (8)
comment:1 by , 8 years ago
| Component: | Backend → ParModelica |
|---|---|
| Owner: | changed from to |
| Status: | new → assigned |
comment:2 by , 8 years ago
| Milestone: | Future → 1.13.0 |
|---|---|
| Summary: | Buffer Overflow security vulnerability in OMCompiler → Buffer Overflow security vulnerability in ParModelica |
comment:4 by , 6 years ago
| Milestone: | 1.14.0 → 1.16.0 |
|---|---|
Releasing 1.14.0 which is stable and has many improvements w.r.t. 1.13.2. This issue is rescheduled to 1.16.0
comment:6 by , 5 years ago
| Milestone: | 1.17.0 → 1.18.0 |
|---|---|
Retargeted to 1.18.0 because of 1.17.0 timed release.
comment:8 by , 4 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed in 583a32/OpenModelica.

This should naturally be fixed as soon as possible, but the impact is very low since ParModelica is rarely used.