From d14d2558da14a33abf7baab28957488a75d16af1 Mon Sep 17 00:00:00 2001 From: Alexander Koeppe Date: Thu, 1 Jun 2017 08:56:23 +0200 Subject: [PATCH 1/4] Add ASAN compiler flags in DEBUG build type --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 90050590f..8e823669c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -126,7 +126,7 @@ if(NOT DISABLE_RPATH) set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE) set(CMAKE_MACOSX_RPATH 1) endif(NOT DISABLE_RPATH) -set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls" CACHE STRING "" FORCE) +set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE) set(CMAKE_C_FLAGS_RELEASE "-O2 -w -D_FORTIFY_SOURCE=2" CACHE STRING "" FORCE) if(OS_DARWIN) From 044051d302da73e16b0577eb797cd42affba27e5 Mon Sep 17 00:00:00 2001 From: Alexander Koeppe Date: Thu, 1 Jun 2017 08:56:57 +0200 Subject: [PATCH 2/4] fix buffer over- / underflow conditions --- include/ec_strings.h | 2 +- src/ec_strings.c | 25 +++++++++++++++---------- 2 files changed, 16 insertions(+), 11 deletions(-) diff --git a/include/ec_strings.h b/include/ec_strings.h index f791739da..9ad245ef3 100644 --- a/include/ec_strings.h +++ b/include/ec_strings.h @@ -43,7 +43,7 @@ EC_API_EXTERN int match_pattern(const char *s, const char *pattern); EC_API_EXTERN int base64_decode(char *bufplain, const char *bufcoded); -EC_API_EXTERN int strescape(char *dst, char *src); +EC_API_EXTERN int strescape(char *dst, char *src, size_t len); EC_API_EXTERN int str_replace(char **text, const char *s, const char *d); EC_API_EXTERN size_t strlen_utf8(const char *s); EC_API_EXTERN char * ec_strtok(char *s, const char *delim, char **ptrptr); 
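Review bot: The `-fsanitize=address -fno-omit-frame-pointer` pair is appended to a debug flag set that already carries `-D_FORTIFY_SOURCE=2` together with `-O0`; glibc's fortification only takes effect at `-O1` or higher, and AddressSanitizer's FAQ has long listed `_FORTIFY_SOURCE` as unsupported, so the debug build gets neither check reliably and may see confusing reports where the two overlap. The same combination survives the rewrite of this line in the patch-4 hunk of CMakeLists.txt later in this series. Consider dropping `-D_FORTIFY_SOURCE=2` from `CMAKE_C_FLAGS_DEBUG` once ASAN is enabled and keeping it only in `CMAKE_C_FLAGS_RELEASE`, where it actually does something.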
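Review bot: The new `len` parameter of `strescape()` is undocumented in the header, and since every call site in this series passes `strlen(src)+1` a reader cannot tell whether `len` counts bytes of `src` or of `dst`, nor whether the terminating NUL is included. A one-line comment above the prototype would settle it: `/* len: bytes readable from src, including the NUL; dst never grows past src so len bytes suffice */`. The second half of that claim follows from the implementation, where every escape sequence consumes at least two input bytes for one output byte and a backspace shrinks the output.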
diff --git a/src/ec_strings.c b/src/ec_strings.c index 53583851a..21b71926c 100644 --- a/src/ec_strings.c +++ b/src/ec_strings.c @@ -167,13 +167,14 @@ static int hextoint(int c) /* * convert the escaped string into a binary one */ -int strescape(char *dst, char *src) +int strescape(char *dst, char *src, size_t len) { char *olddst = dst; + char *oldsrc = src; int c; int val; - while ((c = *src++) != '\0') { + while ((c = *src++) != '\0' && (size_t)(src - oldsrc) <= len) { if (c == '\\') { switch ((c = *src++)) { case '\0': @@ -218,9 +219,11 @@ int strescape(char *dst, char *src) if (c >= '0' && c <= '7') val = (val << 3) | (c - '0'); else - --src; + if (src > oldsrc) /* protect against buffer underflow */ + --src; } else - --src; + if (src > oldsrc) /* protect against buffer underflow */ + --src; *dst++ = (char) val; break; @@ -232,15 +235,17 @@ int strescape(char *dst, char *src) c = hextoint(*src++); if (c >= 0) val = (val << 4) + c; - else - --src; - } else - --src; + else if (src > oldsrc) /* protect against buffer underflow */ + --src; + } else if (src > oldsrc) /* protect against buffer underflow */ + --src; *dst++ = (char) val; break; } - } else if (c == 8 || c == 263) /* the backspace */ - dst--; + } else if (c == 8 || c == 263) { /* the backspace */ + if (dst > oldsrc) /* protect against buffer underflow */ + dst--; + } else *dst++ = (char) c; } From 19706cf53b189fbc996791cdb4b0d9a1f0feae5f Mon Sep 17 00:00:00 2001 From: Alexander Koeppe Date: Thu, 1 Jun 2017 08:57:54 +0200 Subject: [PATCH 3/4] adapt calls of strescape() adding strlen --- src/ec_encryption.c | 2 +- src/interfaces/curses/ec_curses_view_connections.c | 2 +- src/interfaces/gtk/ec_gtk_view_connections.c | 2 +- utils/etterfilter/ef_encode.c | 18 ++++++++++++------ 4 files changed, 15 insertions(+), 9 deletions(-) diff --git a/src/ec_encryption.c b/src/ec_encryption.c index 6c02529c1..3d5056030 100644 --- a/src/ec_encryption.c +++ b/src/ec_encryption.c 
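Review bot: The bound added to the `while` condition is evaluated only once per iteration, before the escape-sequence parsing; the `*src++` reads inside the `\\` branch (the escape character itself, the extra octal digits, the hex digits) all advance `src` past `len` with no check. With a NUL-terminated `src` that is harmless because those reads stop at the terminator, but then the new test adds nothing the existing `!= '\0'` comparison does not already give, and every caller in this series computes `len` as `strlen(src)+1`. If the intent is to make non-terminated input safe, each inner read needs the same guard (checking `(size_t)(src - oldsrc) < len` before the `*src++`); if not, the parameter is cosmetic and the header should state that `src` must be NUL-terminated. The body of strescape() continues past this hunk.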
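Review bot: The `if (src > oldsrc)` guards placed before `--src` in the octal branch can never be false: by the time that code runs the loop has consumed the backslash and the first digit through `*src++`, so `src` is at least `oldsrc + 2` and the decrement merely returns the one-character look-ahead. The two guards added in the hex branch of the following hunk are dead for the same reason. They are harmless, but they advertise an underflow that cannot occur on `src` and draw attention away from the one that can, on `dst`; I would keep the plain `--src` here and in the hex branch.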
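Review bot: The backspace guard compares `dst` against `oldsrc` rather than `olddst`: `if (dst > oldsrc) dst--;`. For the in-place callers the two pointers coincide, but set_wep_key() in ec_encryption.c passes distinct `tmp_wkey` and `p` buffers, and comparing pointers into different objects is undefined and wrong in either direction — depending on where the two buffers sit, a leading backspace is either silently ignored or still steps `dst` below its buffer, which is precisely what this change set out to prevent. It should read `if (dst > olddst) dst--;`. The end of strescape() lies outside the hunk.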
@@ -218,7 +218,7 @@ int set_wep_key(char *string) if (type == 's') { /* escape the string and check its length */ - if (strescape((char *)tmp_wkey, p) != (int)tmp_wkey_len) + if (strescape((char *)tmp_wkey, p, strlen(tmp_wkey)+1) != (int)tmp_wkey_len) SEMIFATAL_ERROR("Specified WEP key length does not match the given string"); } else if (type == 'p') { /* create the key from the passphrase */ diff --git a/src/interfaces/curses/ec_curses_view_connections.c b/src/interfaces/curses/ec_curses_view_connections.c index fb52331cf..011c0edf7 100644 --- a/src/interfaces/curses/ec_curses_view_connections.c +++ b/src/interfaces/curses/ec_curses_view_connections.c @@ -614,7 +614,7 @@ static void inject_user(void) size_t len; /* escape the sequnces in the buffer */ - len = strescape((char*)injectbuf, (char*)injectbuf); + len = strescape((char*)injectbuf, (char*)injectbuf, strlen(injectbuf)+1); /* check where to inject */ if (wdg_c1->flags & WDG_OBJ_FOCUSED) { diff --git a/src/interfaces/gtk/ec_gtk_view_connections.c b/src/interfaces/gtk/ec_gtk_view_connections.c index fa7dfdc58..b55e1755a 100644 --- a/src/interfaces/gtk/ec_gtk_view_connections.c +++ b/src/interfaces/gtk/ec_gtk_view_connections.c @@ -1627,7 +1627,7 @@ static void gtkui_inject_user(int side) size_t len; /* escape the sequnces in the buffer */ - len = strescape(injectbuf, injectbuf); + len = strescape(injectbuf, injectbuf, strlen(injectbuf)+1); /* check where to inject */ if (side == 1 || side == 2) { diff --git a/utils/etterfilter/ef_encode.c b/utils/etterfilter/ef_encode.c index d4b9110cd..7e359e062 100644 --- a/utils/etterfilter/ef_encode.c +++ b/utils/etterfilter/ef_encode.c 
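Review bot: The length passed for the 's' key type is `strlen(tmp_wkey)+1`, but `tmp_wkey` is the destination; the new `len` bounds how far `strescape()` reads its `src`, which here is `p`. What `tmp_wkey` holds before the call is not visible in this hunk, but if it is zero-filled the bound becomes 1 and the loop stops after a single character, so every string key longer than one byte fails the length comparison; if it is uninitialized, `strlen` walks indeterminate bytes. The argument should be derived from the source: `if (strescape((char *)tmp_wkey, p, strlen(p)+1) != (int)tmp_wkey_len)`. set_wep_key() extends beyond the hunk on both sides.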
@@ -136,7 +136,8 @@ int encode_const(char *string, struct filter_op *fop) fop->op.test.string = (u_char*)strdup(string + 1); /* escape it in the structure */ - fop->op.test.slen = strescape((char*)fop->op.test.string, (char*)fop->op.test.string); + fop->op.test.slen = strescape((char*)fop->op.test.string, + (char*)fop->op.test.string, strlen(fop->op.test.string)+1); return E_SUCCESS; @@ -184,7 +185,8 @@ int encode_function(char *string, struct filter_op *fop) fop->opcode = FOP_FUNC; fop->op.func.op = FFUNC_SEARCH; fop->op.func.string = (u_char*)strdup(dec_args[1]); - fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string); + fop->op.func.slen = strescape((char*)fop->op.func.string, + (char*)fop->op.func.string, strlen(fop->op.func.string)+1); ret = E_SUCCESS; } else SCRIPT_ERROR("Unknown offset %s ", dec_args[0]); @@ -202,7 +204,8 @@ int encode_function(char *string, struct filter_op *fop) fop->opcode = FOP_FUNC; fop->op.func.op = FFUNC_REGEX; fop->op.func.string = (u_char*)strdup(dec_args[1]); - fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string); + fop->op.func.slen = strescape((char*)fop->op.func.string, + (char*)fop->op.func.string, strlen(fop->op.func.string)+1); ret = E_SUCCESS; } else SCRIPT_ERROR("Unknown offset %s ", dec_args[0]); 
@@ -272,9 +275,11 @@ int encode_function(char *string, struct filter_op *fop) /* replace always operate at DATA level */ fop->op.func.level = 5; fop->op.func.string = (u_char*)strdup(dec_args[0]); - fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string); + fop->op.func.slen = strescape((char*)fop->op.func.string, + (char*)fop->op.func.string, strlen(fop->op.func.string)+1); fop->op.func.replace = (u_char*)strdup(dec_args[1]); - fop->op.func.rlen = strescape((char*)fop->op.func.replace, (char*)fop->op.func.replace); + fop->op.func.rlen = strescape((char*)fop->op.func.replace, + (char*)fop->op.func.replace, strlen(fop->op.func.replace)+1); ret = E_SUCCESS; } else SCRIPT_ERROR("Wrong number of arguments for function \"%s\" ", name); @@ -328,7 +333,8 @@ int encode_function(char *string, struct filter_op *fop) if (nargs == 1) { fop->op.func.op = FFUNC_MSG; fop->op.func.string = (u_char*)strdup(dec_args[0]); - fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string); + fop->op.func.slen = strescape((char*)fop->op.func.string, + (char*)fop->op.func.string, strlen(fop->op.func.string)+1); ret = E_SUCCESS; } else SCRIPT_ERROR("Wrong number of arguments for function \"%s\" ", name); From b005d55d4eae444c5be14eb792b50657a14c7b1d Mon Sep 17 00:00:00 2001 From: Alexander Koeppe Date: Sun, 4 Jun 2017 08:09:04 +0200 Subject: [PATCH 4/4] Only add ASAN flags depeding on compiler version --- CMakeLists.txt | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 8e823669c..8f7c7c368 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -126,7 +126,27 @@ if(NOT DISABLE_RPATH) set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE) set(CMAKE_MACOSX_RPATH 1) endif(NOT DISABLE_RPATH) -set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE) + +# set general build flags for debug build-type +set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls" CACHE STRING "" FORCE) +# append ASAN build flags if compiler version has support +if ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU") + if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8) + set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE) + message("Building with ASAN support (GNU compiler)") + else (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8) + message("Building without ASAN support (GNU compiler)") + endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8) +elseif ("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang") + if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1) + set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE) + message("Building with ASAN support (Clang compiler)") + elseif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1) + message("Building without ASAN support (Clang compiler)") + endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1) +endif ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU") + +# set build flags for release build-type set(CMAKE_C_FLAGS_RELEASE "-O2 -w -D_FORTIFY_SOURCE=2" CACHE STRING "" FORCE) if(OS_DARWIN)
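Review bot: In the Clang branch the fallback is spelled `elseif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)`, the same condition as the `if` directly above it, so the "Building without ASAN support (Clang compiler)" message can never be emitted; the GNU branch uses `else` and this one should too: `else (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)`. Two smaller points: `VERSION_GREATER 4.8` and `VERSION_GREATER 3.1` exclude the exact releases that introduced the sanitizer, and `NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 4.8` (likewise `3.1`) expresses the intended inclusive check on every CMake version. Also, CMake can report Apple's compiler as `AppleClang` rather than `Clang` (policy CMP0025), in which case this chain silently matches neither branch and prints nothing; matching `AppleClang` as well, or adding a final `else` with a message, would make that visible.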