Summary:
During the course of testing putty-0.70-2019-02-12.75dda5e on Fedora 29 compiled with clang version 7.0.1 (Fedora 7.0.1-1.fc29), we discovered it was possible to abort a remote client by streaming data at it in such a way as to trigger an assertion failure.
putty: unix/gtkwin.c:3801: void do_text_internal(GtkFrontend *, int, int, wchar_t *, int, unsigned long, int, truecolour): Assertion `len == 1' failed.
Aborted (core dumped)
Description:
An assertion is a statement that a predicate (Boolean-valued function, i.e. a true/false expression) is always true at that point in code execution. It can help a programmer read the code, help a compiler compile it, or help the program detect its own defects.
mkdir corpus && git clone https://gitlab.com/akihe/radamsa.git && cd radamsa && make && sudo make install && cd ~
while true; do radamsa -s 420 -o - -n inf corpus/*; done
and let it run until it crashes. A sample screenshot taken while fuzzing PuTTY:
{F423359}
I've also attached the core dump that happened at the time of the crash.
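As an added example (not part of this report and not PuTTY's own code), the loop above can be made reproducible by generating one case per radamsa seed and keeping any case on which the target dies with SIGABRT, which is how a failed assert() such as the `len == 1` one ends the process. The corpus directory, the `crashes` output directory and the target command are assumptions; the report does not say how the mutated data was streamed to PuTTY, so the target here is any command that reads the case from stdin.

```shell
#!/bin/sh
# Seed-tracking radamsa loop (added example, not from the report).
# Usage: fuzz_loop <corpus dir> '<target command reading stdin>' [max seeds]
# Each case is tied to its radamsa seed, so a crash can be regenerated
# with the same -s value instead of relying on an endless -n inf stream.

# Return 0 when the target dies with SIGABRT (exit status 128+6 = 134),
# which is what a failed assert() produces; non-zero otherwise.
target_aborted() {
    cmd="$1"
    input="$2"
    sh -c "$cmd" < "$input" > /dev/null 2>&1
    [ "$?" -eq 134 ]
}

fuzz_loop() {
    corpus="$1"
    target="$2"
    max="${3:-1000}"
    mkdir -p crashes
    seed=1
    while [ "$seed" -le "$max" ]; do
        case_file="case-$seed.bin"
        # one deterministic mutation of the corpus per seed
        radamsa -s "$seed" -n 1 -o "$case_file" "$corpus"/*
        if target_aborted "$target" "$case_file"; then
            cp "$case_file" "crashes/seed-$seed.bin"
            echo "SIGABRT with seed $seed, case saved to crashes/seed-$seed.bin"
        fi
        rm -f "$case_file"
        seed=$((seed + 1))
    done
}
```

Because radamsa is deterministic for a given seed and corpus, a saved seed number alone is enough to regenerate the crashing input later.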
Impact:
Denial of service, crash, loss of data contained in the scrollback