
cURL 8.4.0 and wget 1.21.4 break if the hostname is too long and is used together with proxychains. #526

Open
u2k24 opened this issue Oct 20, 2023 · 0 comments

u2k24 commented Oct 20, 2023

I did this

Out of curiosity I tried the payload that became present and popular thanks to GHSA-7xw9-w465-6x42 and got a coredump in curl 8.4.0.

I haven't used the -x modifier directly, so "socks5h" is nowhere to be found in the command; however, I have used proxychains and got the error.

PoC[0]:

```shell
# Fixed so the ".com" suffix is part of the generated string rather than an attribute access on print()'s return value
proxychains curl -IL "$(python -c "print('C'*255 + '.com')")"
```

```
Illegal process-id: 1.dump.

warning: Can't open file /dev/zero (deleted) during file-backed mapping note processing
[New LWP 433090]
[New LWP 433089]
Downloading separate debug info for /usr/lib/libproxychains4.so
Downloading separate debug info for /usr/lib/libidn2.so.0
Downloading separate debug info for /usr/lib/libpsl.so.5
Downloading separate debug info for /usr/lib/libgssapi_krb5.so.2
Downloading separate debug info for /usr/lib/libunistring.so.5
Downloading separate debug info for /usr/lib/libkrb5.so.3
Downloading separate debug info for /usr/lib/libk5crypto.so.3
Downloading separate debug info for /usr/lib/libkrb5support.so.0
--Type <RET> for more, q to quit, c to continue without paging--c
Downloading separate debug info for system-supplied DSO at 0x675238dbb000
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Core was generated by `curl -IL CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC'.
Program terminated with signal SIGABRT, Aborted.
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
44            return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO (ret) : 0;
[Current thread is 1 (Thread 0x675238d626c0 (LWP 433090))]

(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x0000675238b3a8a3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x0000675238aea668 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x0000675238ad24b8 in __GI_abort () at abort.c:79
#4  0x0000675238ad23dc in __assert_fail_base (fmt=0x675237fe8fb1 "%s%s%s:%u: %s%sLa declaración `%s' no se cumple.\n%n", 
    assertion=assertion@entry=0x675238d6d4e6 "l+1 < MSG_LEN_MAX", file=file@entry=0x675238d6d000 "src/allocator_thread.c", line=line@entry=249, 
    function=function@entry=0x675238d6d978 "threadfunc") at assert.c:92
#5  0x0000675238ae2d26 in __assert_fail (assertion=0x675238d6d4e6 "l+1 < MSG_LEN_MAX", file=0x675238d6d000 "src/allocator_thread.c", line=249, 
    function=0x675238d6d978 "threadfunc") at assert.c:101
#6  0x0000675238d6c995 in ?? ()
#7  0x0000675238b389eb in start_thread (arg=<optimized out>) at pthread_create.c:444
#8  0x0000675238bbc7cc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
```

PoC[wget]:

```
warning: Can't open file /dev/zero (deleted) during file-backed mapping note processing
[New LWP 446993]
[New LWP 446994]
Downloading separate debug info for /usr/lib/libproxychains4.so
Downloading separate debug info for /usr/lib/libidn2.so.0
Downloading separate debug info for /usr/lib/libpsl.so.5
Downloading separate debug info for /usr/lib/libunistring.so.5
Downloading separate debug info for /usr/lib/libtasn1.so.6
Downloading separate debug info for system-supplied DSO at 0x6c3af981a000
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
--Type <RET> for more, q to quit, c to continue without paging--c
Core was generated by `wget -O- aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'.
Program terminated with signal SIGABRT, Aborted.
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
44            return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO (ret) : 0;
[Current thread is 1 (Thread 0x6c3af961c980 (LWP 446993))]

(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00006c3af92ac8a3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00006c3af925c668 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00006c3af92444b8 in __GI_abort () at abort.c:79
#4  0x00006c3af92443dc in __assert_fail_base (fmt=0x6c3af8b3afb1 "%s%s%s:%u: %s%sLa declaración `%s' no se cumple.\n%n", 
    assertion=assertion@entry=0x6c3af97cc146 "msg.h.msgtype == ATM_GETIP", file=file@entry=0x6c3af97cc000 "src/allocator_thread.c", line=line@entry=281, 
    function=function@entry=0x6c3af97cc960 "at_get_ip_for_host") at assert.c:92
#5  0x00006c3af9254d26 in __assert_fail (assertion=0x6c3af97cc146 "msg.h.msgtype == ATM_GETIP", file=0x6c3af97cc000 "src/allocator_thread.c", line=281, 
    function=0x6c3af97cc960 "at_get_ip_for_host") at assert.c:101
#6  0x00006c3af97c7714 in at_get_ip_for_host () from /usr/lib/libproxychains4.so
#7  0x00006c3af97cb225 in proxy_gethostbyname () from /usr/lib/libproxychains4.so
#8  0x00006c3af97cb432 in proxy_getaddrinfo () from /usr/lib/libproxychains4.so
#9  0x00000033571f92dd in getaddrinfo_with_timeout_callback (arg=arg@entry=0x701770502c40) at /usr/src/debug/wget/wget-1.21.4/src/host.c:391
#10 0x000000335722a6e6 in run_with_timeout.constprop.0 (timeout=timeout@entry=0, fun=fun@entry=0x33571f92c0 <getaddrinfo_with_timeout_callback>, 
    arg=arg@entry=0x701770502c40) at /usr/src/debug/wget/wget-1.21.4/src/utils.c:2153
#11 0x00000033571fa97d in getaddrinfo_with_timeout (service=0x0, timeout=0, res=0x701770502c38, hints=0x701770502c70, node=0x3389a31770 'a' <repeats 200 times>...)
    at /usr/src/debug/wget/wget-1.21.4/src/host.c:409
#12 lookup_host (host=0x3389a31770 'a' <repeats 200 times>..., flags=<optimized out>) at /usr/src/debug/wget/wget-1.21.4/src/host.c:910
#13 0x00000033571ed613 in connect_to_host (host=0x3389a31770 'a' <repeats 200 times>..., port=80) at /usr/src/debug/wget/wget-1.21.4/src/connect.c:394
#14 0x00000033571fdc3d in establish_connection (u=<optimized out>, conn_ref=0x701770502fd8, hs=0x701770503840, proxy=0x0, proxyauth=0x701770502fe0, 
    req_ref=0x701770502ff8, using_ssl=0x701770502fc3, inhibit_keep_alive=false, sock_ref=0x701770502fc8) at /usr/src/debug/wget/wget-1.21.4/src/http.c:2123
#15 0x0000003357206e60 in gethttp (u=u@entry=0x3389a31700, original_url=original_url@entry=0x3389a31700, hs=hs@entry=0x701770503840, dt=dt@entry=0x701770503d78, 
    proxy=proxy@entry=0x0, iri=iri@entry=0x3389a32140, count=<optimized out>) at /usr/src/debug/wget/wget-1.21.4/src/http.c:3324
#16 0x000000335720b12e in http_loop (u=0x3389a31700, original_url=0x3389a31700, newloc=0x701770503b88, local_file=0x701770503b80, referer=<optimized out>, 
    dt=0x701770503d78, proxy=0x0, iri=0x3389a32140) at /usr/src/debug/wget/wget-1.21.4/src/http.c:4421
#17 0x000000335721497b in retrieve_url (orig_parsed=0x3389a31700, origurl=0x3389a31290 "http://", 'a' <repeats 193 times>..., file=0x701770503d88, 
    newloc=0x701770503d80, refurl=<optimized out>, dt=0x701770503d78, recursive=false, iri=0x3389a32140, register_status=true)
    at /usr/src/debug/wget/wget-1.21.4/src/retr.c:969
#18 0x00000033571ea333 in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/wget/wget-1.21.4/src/main.c:2171
```

Tested on:

curl 8.0.4
proxychains 4.16-2

Clarification:

It was wrongly reported as a bug in Curl.
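Both backtraces end in `__assert_fail` inside proxychains' `src/allocator_thread.c`: the hostname handed to the resolver thread fails `l+1 < MSG_LEN_MAX`, and in the wget case the reply-type check `msg.h.msgtype == ATM_GETIP` fails afterwards. Because the library is preloaded into the client process, an `assert()` used as input validation aborts the whole client on an over-long name instead of returning a resolver error. The example below, added here and not code from proxychains-ng, curl or wget, shows the fail-closed alternative: a bounded hostname check (RFC 1035 limits of 253 characters total and 63 per label, LDH characters only) that reports a status code, and a message builder that only copies into the fixed-size buffer after the check passes. The `MSG_LEN_MAX` value, the `struct lookup_msg` layout, the `msgtype` tag and the status codes are assumptions constructed for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

/* Assumed values for this example (not proxychains-ng's definitions). */
#define MSG_LEN_MAX  256   /* size of the fixed hostname field in the IPC message */
#define HOSTNAME_MAX 253   /* RFC 1035: longest textual domain name */
#define LABEL_MAX    63    /* RFC 1035: longest single label */

/* Hypothetical fixed-size message carried to a resolver thread. */
struct lookup_msg {
    unsigned msgtype;        /* constructed tag, stands in for an ATM_GETIP-style value */
    char host[MSG_LEN_MAX];
};

/* The copy in build_lookup_msg() relies on this; check it at compile time. */
_Static_assert(HOSTNAME_MAX + 1 < MSG_LEN_MAX, "hostname must fit in the message");

enum hostname_status {
    HOST_OK = 0,
    HOST_EMPTY = -1,
    HOST_TOO_LONG = -2,
    HOST_LABEL_TOO_LONG = -3,
    HOST_BAD_LABEL = -4,     /* empty label: leading dot, ".." or lone "." */
    HOST_BAD_CHAR = -5       /* anything outside letters, digits, '-' and '.' */
};

/* Validate a hostname without ever aborting; returns HOST_OK or a reason code.
   IDNA conversion, if any, is expected to have happened before this point. */
int check_hostname(const char *host)
{
    if (host == NULL || host[0] == '\0')
        return HOST_EMPTY;
    /* strnlen bounds the scan so an unterminated buffer cannot run away. */
    size_t l = strnlen(host, HOSTNAME_MAX + 1);
    if (l > HOSTNAME_MAX)
        return HOST_TOO_LONG;
    size_t label = 0;
    for (size_t i = 0; i < l; i++) {
        unsigned char c = (unsigned char)host[i];
        if (c == '.') {
            if (label == 0)
                return HOST_BAD_LABEL;
            label = 0;           /* a single trailing dot (FQDN form) is accepted */
            continue;
        }
        int ldh = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                  (c >= '0' && c <= '9') || c == '-';
        if (!ldh)
            return HOST_BAD_CHAR;
        if (++label > LABEL_MAX)
            return HOST_LABEL_TOO_LONG;
    }
    return HOST_OK;
}

/* Fill the message only after validation; on failure msg is untouched. */
int build_lookup_msg(struct lookup_msg *msg, const char *host)
{
    int st = check_hostname(host);
    if (st != HOST_OK)
        return st;
    memset(msg, 0, sizeof *msg);
    msg->msgtype = 1;
    /* strlen(host)+1 <= HOSTNAME_MAX+1 < MSG_LEN_MAX, so this always fits. */
    memcpy(msg->host, host, strlen(host) + 1);
    return HOST_OK;
}

/* Builds the shape used in the report (COUNT copies of C, then ".com") and checks it.
   Constructed input for demonstration only. */
int check_repeated_name(char c, size_t count)
{
    char buf[1024];
    if (count + sizeof ".com" > sizeof buf)
        return HOST_TOO_LONG;
    memset(buf, c, count);
    memcpy(buf + count, ".com", sizeof ".com");   /* sizeof includes the NUL */
    return check_hostname(buf);
}

int main(void)
{
    const char *samples[] = { "example.com", "bad_host", ".leading", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s -> %d\n", samples[i], check_hostname(samples[i]));
    printf("'C'*255+.com -> %d\n", check_repeated_name('C', 255));   /* rejected, not aborted */
    printf("'a'*64+.com  -> %d\n", check_repeated_name('a', 64));    /* label too long */
    return 0;
}
```

The point of returning a status rather than asserting is that the decision moves back to the caller: the client's `getaddrinfo` wrapper can surface an `EAI_NONAME`-style error and continue, which is the behaviour the unmodified curl or wget would show for a bad name.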
