From 001c8a6a8baf27a1ff2026bd398e738509c9bded Mon Sep 17 00:00:00 2001 From: Vigi Zhang Date: Fri, 21 Oct 2022 11:11:18 +0800 Subject: [PATCH] add pdsa-2022-001, test=document_fix (#47228) Add PDSA-2022-001 security advisory --- SECURITY.md | 4 +-- SECURITY_cn.md | 2 +- security/README.md | 8 ++--- security/README_cn.md | 8 ++--- security/advisory/pdsa-2022-001.md | 49 +++++++++++++++++++++++++++ security/advisory/pdsa-2022-001_cn.md | 49 +++++++++++++++++++++++++++ 6 files changed, 109 insertions(+), 11 deletions(-) create mode 100644 security/advisory/pdsa-2022-001.md create mode 100644 security/advisory/pdsa-2022-001_cn.md diff --git a/SECURITY.md b/SECURITY.md index 97b092d6dfc..073a27c61ee 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -48,7 +48,7 @@ We will indicate the bug fix in the release of PaddlePaddle, and publish the vul ### What is a vulnerability? -In the process of computation graphs in PaddlePaddle, models can perform arbitrary computations , including reading and writing files, communicating with the network, etc. It may cause memory exhaustion, deadlock, etc., which will lead to unexpected behavior of PaddlePaddle. We consider these behavior to be security vulnerabilities only if they are out of the intention of the operation involved. +In the process of computation graphs in PaddlePaddle, models can perform arbitrary computations , including reading and writing files, communicating with the network, etc. It may cause memory exhaustion, deadlock, etc., which will lead to unexpected behavior of PaddlePaddle. We consider these behavior to be security vulnerabilities only if they are out of the intention of the operation involved. @@ -60,4 +60,4 @@ If malicious input can trigger memory corruption or non-clean exit, such bug is -[security advisories](https://github.com/PaddlePaddle/Paddle/blob/develop/security/README.md) +[security advisories](./security/README.md) diff --git a/SECURITY_cn.md b/SECURITY_cn.md index cd2b4b450b4..e22340349c4 100644 
--- a/SECURITY_cn.md +++ b/SECURITY_cn.md @@ -46,4 +46,4 @@ 如果输入非预期的参数后,对飞桨代码造成了内存破坏,或者非干净退出,这类行为被认定为存在安全问题。 -### [安全公告](https://github.com/PaddlePaddle/Paddle/blob/develop/security/README_cn.md) +### [安全公告](./security/README_cn.md) diff --git a/security/README.md b/security/README.md index 506bfbb9118..cb01299927f 100644 --- a/security/README.md +++ b/security/README.md @@ -4,9 +4,9 @@ We regularly publish security advisories about using PaddlePaddle. -*Note*: In conjunction with these security advisories, we strongly encourage PaddlePaddle users to read and understand PaddlePaddle's security model as outlined in [SECURITY.md](https://github.com/PaddlePaddle/Paddle/blob/develop/SECURITY.md). +*Note*: In conjunction with these security advisories, we strongly encourage PaddlePaddle users to read and understand PaddlePaddle's security model as outlined in [SECURITY.md](../SECURITY.md). -| Advisory Number | Type | Versions affected | Reported by | Additional Information| -| --------------- | ---- | :---------------: | ----------- | ----------------------| -| | | | | | +| Advisory Number | Type | Versions affected | Reported by | Additional Information | +|----------------------------------------------|-------------------------|:-----------------:|---------------------------------------|------------------------| +| [PDSA-2022-001](./advisory/pdsa-2022-001.md) | OOB read in gather_tree | < 2.4 | Wang Xuan(王旋) of Qihoo 360 AIVul Team | | diff --git a/security/README_cn.md b/security/README_cn.md index 49f486b0f78..57669ba01d7 100644 --- a/security/README_cn.md +++ b/security/README_cn.md 
@@ -4,9 +4,9 @@ -注:我们非常建议飞桨用户阅读和理解[SECURITY_cn.md](https://github.com/PaddlePaddle/Paddle/blob/develop/SECURITY_cn.md)所介绍的飞桨安全模型,以便更好地了解此安全公告。 +注:我们非常建议飞桨用户阅读和理解[SECURITY_cn.md](../SECURITY_cn.md)所介绍的飞桨安全模型,以便更好地了解此安全公告。 -| 安全公告编号 | 类型 | 受影响版本 | 报告者 | 备注 | -| --------------- | ---- | :---------------: | ----------- | ----------------------| -| | | | | | +| 安全公告编号 | 类型 | 受影响版本 | 报告者 | 备注 | +|-------------------------------------------------|-------------------------|:-----:|---------------------------------------| ----------------------| +| [PDSA-2022-001](./advisory/pdsa-2022-001_cn.md) | OOB read in gather_tree | < 2.4 | Wang Xuan(王旋) of Qihoo 360 AIVul Team | | diff --git a/security/advisory/pdsa-2022-001.md b/security/advisory/pdsa-2022-001.md new file mode 100644 index 00000000000..5b77efb9a36 --- /dev/null +++ b/security/advisory/pdsa-2022-001.md 
@@ -0,0 +1,49 @@ +## PDSA-2022-001: OOB read in gather_tree + +### Impact + +The PoC is as follows: + +```python +import paddle +import paddle.fluid as fluid +import numpy as np + +ids = paddle.to_tensor([[2,2],[6,1]]) +parents = paddle.to_tensor([[2,2],[6,1]]) + +out = paddle.nn.functional.gather_tree(ids,parents) +``` + +The [implementation](https://github.com/PaddlePaddle/Paddle/blob/release/2.3/paddle/phi/kernels/cpu/gather_tree_kernel.cc#L31-L33) of GatherTreeKernel does not validate the ids_dims size which would result in a memory out-of-bounds read if the ids shape is invalid. + +```c++ +template +void GatherTreeKernel(const Context &dev_ctx, + const DenseTensor &ids, + const DenseTensor &parents, + DenseTensor *out) { + const auto *ids_data = ids.data(); + const auto *parents_data = parents.data(); + + T *out_data = dev_ctx.template Alloc(out); + + auto &ids_dims = ids.dims(); + auto max_length = ids_dims[0]; + auto batch_size = ids_dims[1]; + auto beam_size = ids_dims[2]; //[1] +``` + +### Patches + +We have patched the issue in commit [6712e262fc6734873cc6d5ca4f45973339a88697](https://github.com/PaddlePaddle/Paddle/commit/6712e262fc6734873cc6d5ca4f45973339a88697). + +The fix will be included in PaddlePaddle 2.4. + +### For more information + +Please consult [our security guide](../../SECURITY.md) for more information regarding the security model and how to contact us with issues and questions. + +### Attribution + +This vulnerability has been reported by Wang Xuan(王旋) of Qihoo 360 AIVul Team. diff --git a/security/advisory/pdsa-2022-001_cn.md b/security/advisory/pdsa-2022-001_cn.md new file mode 100644 index 00000000000..fba4d98e632 --- /dev/null +++ b/security/advisory/pdsa-2022-001_cn.md 
@@ -0,0 +1,49 @@ +## PDSA-2022-001: OOB read in gather_tree + +### 影响 + +PoC如下: + +```python +import paddle +import paddle.fluid as fluid +import numpy as np + +ids = paddle.to_tensor([[2,2],[6,1]]) +parents = paddle.to_tensor([[2,2],[6,1]]) + +out = paddle.nn.functional.gather_tree(ids,parents) +``` + +在GatherTreeKernel的[实现代码中](https://github.com/PaddlePaddle/Paddle/blob/release/2.3/paddle/phi/kernels/cpu/gather_tree_kernel.cc#L31-L33),并没有检查ids_dims的大小,当输入非预期的ids,其shape不正确时会造成可能造成越界读ids_dims。 + +```c++ +template +void GatherTreeKernel(const Context &dev_ctx, + const DenseTensor &ids, + const DenseTensor &parents, + DenseTensor *out) { + const auto *ids_data = ids.data(); + const auto *parents_data = parents.data(); + + T *out_data = dev_ctx.template Alloc(out); + + auto &ids_dims = ids.dims(); + auto max_length = ids_dims[0]; + auto batch_size = ids_dims[1]; + auto beam_size = ids_dims[2]; //[1] +``` + +### 补丁 + +我们在commit [6712e262fc6734873cc6d5ca4f45973339a88697](https://github.com/PaddlePaddle/Paddle/commit/6712e262fc6734873cc6d5ca4f45973339a88697)中对此问题进行了补丁。 + +修复将包含在飞桨2.4版本当中。 + +### 更多信息 + +请参考我们的[安全指南](../../SECURITY_cn.md)以获得更多关于安全的信息,以及如何与我们联系问题。 + +### 贡献者 + +此漏洞由 Wang Xuan(王旋) of Qihoo 360 AIVul Team 提交。 -- GitLab
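Review bot: the first SECURITY.md hunk (@@ -48,7) removes and re-adds the "What is a vulnerability?" paragraph with no visible textual difference, so it is a whitespace-only change that is not mentioned in the commit message; either drop it to keep the diff to the link changes, or, since the line is being rewritten anyway, fix the stray space in `arbitrary computations ,` and change `these behavior` to `these behaviors`.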
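Review bot: the link rewrites in the SECURITY.md @@ -60,4 hunk, SECURITY_cn.md and both security READMEs replace absolute develop-branch URLs with relative paths (`./security/README.md`, `../SECURITY.md` and the `_cn` equivalents); that is the right call for branch-agnostic links inside the repository, but these files are also rendered outside the repository tree, where relative paths do not resolve, so it is worth stating that trade-off in the PR description. The new table rows link `./advisory/pdsa-2022-001.md` relative to `security/README.md`, which resolves correctly since both live under `security/`.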
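Review bot: in the security/README_cn.md table the separator row mixes `|-------|` cells with a final ` ----------------------|` cell that has a leading space, and the Type column stays in English (`OOB read in gather_tree`) while the rest of the table is Chinese; align the separator cells and decide whether the type should be translated or kept in English consistently across both READMEs. In both tables `Wang Xuan(王旋)` is missing a space before the parenthesis.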
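Review bot: in security/advisory/pdsa-2022-001.md the "Impact" section opens directly with "The PoC is as follows:" and only explains the bug after the code, so readers hit the trigger before learning what it does; move the sentence about GatherTreeKernel not validating the `ids_dims` size (the kernel indexes `ids_dims[2]` while the PoC passes 2-D tensors) above the PoC, or reword it as an impact statement. The PoC also imports `paddle.fluid as fluid` and `numpy as np` without using either; drop them. In the quoted kernel snippet the header is a bare `template` and `ids.data()`, `parents.data()` and `dev_ctx.template Alloc(out)` carry no type arguments, so it does not match the linked source and will not compile as shown; confirm the angle-bracket arguments survived in the advisory file. The trailing `//[1]` marker on the `beam_size` line is referenced nowhere in the text; either add the footnote or remove the marker.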
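Review bot: the Chinese advisory security/advisory/pdsa-2022-001_cn.md has a duplicated phrase in "会造成可能造成越界读ids_dims" (one of "会造成" / "可能造成" should go), and it describes the out-of-bounds read as being of `ids_dims` whereas the English advisory says "memory out-of-bounds read"; keep the two descriptions consistent. The same unused `paddle.fluid` and `numpy` imports and the dangling `//[1]` marker from the English file are carried over here, and the heading "贡献者" (contributors) does not match the English "Attribution"; "致谢" or "报告者" would read more naturally.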