Context Navigation

← Previous Ticket
Next Ticket →

#4787 closed defect (fixed)

Buffer Overflow security vulnerability in ParModelica

Reported by:	sajeeb.lohani@…	Owned by:	mahge930
Priority:	high	Milestone:
Component:	ParModelica	Version:
Keywords:		Cc:

Description

While looking through the code within the OMCompiler, a buffer overflow vulnerability was identified. This implies a user can change the execution flow of the program by overflowing the options variable using the environment variable "OPENMODELICAHOME".

The link below shows where the options variable (of size 100 chars), has the environment variable "OPENMODELICAHOME" concatenated to it:
https://github.com/OpenModelica/OMCompiler/blob/372119f675c2e26d1aef42f3e7aa84b7979bf3cf/SimulationRuntime/ParModelica/explicit/openclrt/ocl_offcomp.c#L92

If we fill the environment variable with values of size > 300, it will overflow the intended size of the variable and cause a crash in the program. This can then be manipulated to change the execution flow of the program.

Change History (8)

comment:1 Changed 6 years ago by perost

Component changed from Backend to ParModelica
Owner changed from lochel to mahge930
Status changed from new to assigned

comment:2 Changed 6 years ago by sjoelund.se

Milestone changed from Future to 1.13.0
Summary changed from Buffer Overflow security vulnerability in OMCompiler to Buffer Overflow security vulnerability in ParModelica

This should naturally be fixed as soon as possible, but the impact is very low since ParModelica is rarely used.