Bug: Stack-buffer-overflow on SendingMessage::SendingMessage(scenario*, char const*, bool) in src/message.cpp

**env**
System version：**ubuntu 20.04**

**Build**

1. Initialize submodule：
```
git submodule update –init
```
2. Generate Makefile
`mkdir build && cd build`
`cmake .. -DCMAKE_CXX_COMPILER=/path/to/aflnet/afl-clang-fast++ -DCMAKE_C_COMPILER=/path/to/aflnet/afl-clang-fast`
3. Compile the source
`make `

**Attack**

1. Starting the sipp with valgrind
`valgrind sipp 127.0.0.1  -sf /path/to/sipp/docs/uac.xml  -i 127.0.0.1 -p 5099 -m 100 -d 1000`
2. Sending the Packet
`/path/to/aflnet/aflnet-replay poc SIP 5099`

**Description**
Here is the valgrind report:
```
==2631907== Conditional jump or move depends on uninitialised value(s)
==2631907==    at 0x47DA51: SendingMessage::SendingMessage(scenario*, char const*, bool) (src/message.cpp:246)
==2631907==    by 0x4A509A: scenario::scenario(char*, int) (src/scenario.cpp:849)
==2631907==    by 0x50218B: main (src/sipp.cpp:1748)
==2631907== 
==2631907== Conditional jump or move depends on uninitialised value(s)
==2631907==    at 0x47DA51: SendingMessage::SendingMessage(scenario*, char const*, bool) (src/message.cpp:246)
==2631907==    by 0x42D1CA: init_default_messages() (src/call.cpp:2291)
==2631907==    by 0x502E02: main (src/sipp.cpp:2086)
==2631907== 
==2631907== Conditional jump or move depends on uninitialised value(s)
==2631907==    at 0x47DA51: SendingMessage::SendingMessage(scenario*, char const*, bool) (src/message.cpp:246)
==2631907==    by 0x42D42D: init_default_messages() (src/call.cpp:2291)
==2631907==    by 0x502E02: main (src/sipp.cpp:2086)
==2631907== 
==2631907== 
==2631907== HEAP SUMMARY:
==2631907==     in use at exit: 1,031,619 bytes in 3,288 blocks
==2631907==   total heap usage: 6,105 allocs, 2,817 frees, 1,640,046 bytes allocated
==2631907== 
==2631907== LEAK SUMMARY:
==2631907==    definitely lost: 144 bytes in 2 blocks
==2631907==    indirectly lost: 462,354 bytes in 3,120 blocks
==2631907==      possibly lost: 0 bytes in 0 blocks
==2631907==    still reachable: 569,121 bytes in 166 blocks
==2631907==         suppressed: 0 bytes in 0 blocks
==2631907== Rerun with --leak-check=full to see details of leaked memory
==2631907== 
==2631907== Use --track-origins=yes to see where uninitialised values come from
==2631907== For lists of detected and suppressed errors, rerun with: -s
==2631907== ERROR SUMMARY: 53 errors from 3 contexts (suppressed: 0 from 0)
```

[sipp-poc.zip](https://github.com/user-attachments/files/19045899/sipp-poc.zip)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bug: Stack-buffer-overflow on SendingMessage::SendingMessage(scenario, char const, bool) in src/message.cpp #779

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Bug: Stack-buffer-overflow on SendingMessage::SendingMessage(scenario*, char const*, bool) in src/message.cpp #779

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Bug: Stack-buffer-overflow on SendingMessage::SendingMessage(scenario, char const, bool) in src/message.cpp #779