View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0008798 | GNUnet | util library | public | 2024-05-04 23:09 | 2024-06-08 12:03 |
| Reporter | ulfvonbelow | Assigned To | schanzen | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Platform | x86-64 | OS | Guix System | OS Version | a1d711c92e |
| Product Version | Git master | ||||
| Fixed in Version | 0.21.2 | ||||
| Summary | 0008798: zero-size variable array declaration in GNUNET_CRYPTO_symmetric_encrypt | ||||
| Description | This showed up in the tests of libgnunetchat: ==================================== 3/4 ===================================== test: test_gnunet_chat_file start time: 19:07:44 duration: 0.44s result: exit status 0 command: LD_LIBRARY_PATH=/tmp/guix-build-libgnunetchat-0.3.1.drv-0/build/ MALLOC_PERTURB_=86 /tmp/guix-build-libgnunetchat-0.3.1.drv-0/build/tests/test_gnunet_chat_file.test ----------------------------------- stdout ----------------------------------- Running suite(s): File 100%: Checks: 1, Failures: 0, Errors: 0 ----------------------------------- stderr ----------------------------------- crypto_symmetric.c:140:8: runtime error: variable length array bound evaluates to non-positive value 0 #0 0x7ffff6fae5b6 in GNUNET_CRYPTO_symmetric_encrypt /tmp/guix-build-gnunet-0.21.1.drv-0/gnunet-0.21.1/src/lib/util/crypto_symmetric.c:140 #1 0x7ffff5b54eb5 in GNUNET_FS_tree_encoder_next /tmp/guix-build-gnunet-0.21.1.drv-0/gnunet-0.21.1/src/service/fs/fs_tree.c:374 #2 0x7ffff5b21543 in publish_content /tmp/guix-build-gnunet-0.21.1.drv-0/gnunet-0.21.1/src/service/fs/fs_publish.c:685 #3 0x7ffff707f791 in GNUNET_MQ_handle_message /tmp/guix-build-gnunet-0.21.1.drv-0/gnunet-0.21.1/src/lib/util/mq.c:242 #4 0x7ffff707fe13 in GNUNET_MQ_inject_message /tmp/guix-build-gnunet-0.21.1.drv-0/gnunet-0.21.1/src/lib/util/mq.c:192 #5 0x7ffff6fc248d in recv_message /tmp/guix-build-gnunet-0.21.1.drv-0/gnunet-0.21.1/src/lib/util/client.c:347 #6 0x7ffff707bf76 in GNUNET_MST_from_buffer /tmp/guix-build-gnunet-0.21.1.drv-0/gnunet-0.21.1/src/lib/util/mst.c:222 #7 0x7ffff6fc2c29 in receive_ready /tmp/guix-build-gnunet-0.21.1.drv-0/gnunet-0.21.1/src/lib/util/client.c:447 #8 0x7ffff70c86a3 in GNUNET_SCHEDULER_do_work /tmp/guix-build-gnunet-0.21.1.drv-0/gnunet-0.21.1/src/lib/util/scheduler.c:2137 #9 0x7ffff70cb919 in select_loop /tmp/guix-build-gnunet-0.21.1.drv-0/gnunet-0.21.1/src/lib/util/scheduler.c:2436 #10 0x7ffff70cb919 in GNUNET_SCHEDULER_run /tmp/guix-build-gnunet-0.21.1.drv-0/gnunet-0.21.1/src/lib/util/scheduler.c:738 #11 0x7ffff70aaedb in GNUNET_PROGRAM_run2 /tmp/guix-build-gnunet-0.21.1.drv-0/gnunet-0.21.1/src/lib/util/program.c:381 #12 0x7ffff70ac470 in GNUNET_PROGRAM_run /tmp/guix-build-gnunet-0.21.1.drv-0/gnunet-0.21.1/src/lib/util/program.c:408 #13 0x4030b6 in test_gnunet_chat_file_send_fn ../source/tests/test_gnunet_chat_file.c:215 #14 0x7ffff7e7e11c in tcase_run_tfun_fork /tmp/guix-build-check-0.15.2.drv-0/check-0.15.2/src/check_run.c:497 #15 0x7ffff7e7e11c in srunner_iterate_tcase_tfuns /tmp/guix-build-check-0.15.2.drv-0/check-0.15.2/src/check_run.c:256 #16 0x7ffff7e7e11c in srunner_run_tcase /tmp/guix-build-check-0.15.2.drv-0/check-0.15.2/src/check_run.c:402 #17 0x7ffff7e7e11c in srunner_iterate_suites /tmp/guix-build-check-0.15.2.drv-0/check-0.15.2/src/check_run.c:222 #18 0x7ffff7e7e11c in srunner_run_tagged /tmp/guix-build-check-0.15.2.drv-0/check-0.15.2/src/check_run.c:814 #19 0x4022f3 in main ../source/tests/test_gnunet_chat_file.c:221 #20 0x7ffff622c236 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 #21 0x7ffff622c2f1 in __libc_start_main_impl ../csu/libc-start.c:392 #22 0x402360 in _start (/tmp/guix-build-libgnunetchat-0.3.1.drv-0/build/tests/test_gnunet_chat_file.test+0x402360) ============================================================================== A zero-length variable-length array is undefined behavior, so it gets reported by UBSan. | ||||
| Steps To Reproduce | 1. Build and install gnunet with --enable-sanitizer 2. Build libgnunetchat and run its test suite 3. Observe complaint by UBSan | ||||
| Additional Information | This is exactly what the GNUNET_NZL macro was made for, so a patch that uses it is attached. Note that I'm not sure that it's wise to use a stack allocation here in the first place, unless there's some sort of guarantee that GNUNET_CRYPTO_symmetric_encrypt will only be called with relatively small block sizes. | ||||
| Tags | No tags attached. | ||||
| Attached Files | 0001-util-ensure-nonzero-stack-allocation-in-G_C_symmetri.patch (807 bytes)
From be1daa3d01194b8ca15a536f1a813efdcb5e04bb Mon Sep 17 00:00:00 2001
From: ulfvonbelow <striness@tilde.club>
Date: Fri, 3 May 2024 14:13:23 -0500
Subject: [PATCH] util: ensure nonzero stack allocation in
G_C_symmetric_encrypt.
---
src/lib/util/crypto_symmetric.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lib/util/crypto_symmetric.c b/src/lib/util/crypto_symmetric.c
index a9217febd..c08b84c17 100644
--- a/src/lib/util/crypto_symmetric.c
+++ b/src/lib/util/crypto_symmetric.c
@@ -137,7 +137,7 @@ GNUNET_CRYPTO_symmetric_encrypt (const void *block,
void *result)
{
gcry_cipher_hd_t handle;
- char tmp[size];
+ char tmp[GNUNET_NZL(size)];
if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
return -1;
--
2.41.0
| ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-05-04 23:09 | ulfvonbelow | New Issue | |
| 2024-05-04 23:09 | ulfvonbelow | File Added: 0001-util-ensure-nonzero-stack-allocation-in-G_C_symmetri.patch | |
| 2024-05-05 14:18 | schanzen | Assigned To | => schanzen |
| 2024-05-05 14:18 | schanzen | Status | new => resolved |
| 2024-05-05 14:18 | schanzen | Resolution | open => fixed |
| 2024-05-05 14:18 | schanzen | Fixed in Version | => 0.21.2 |
| 2024-05-05 14:18 | schanzen | Note Added: 0022351 | |
| 2024-06-08 12:03 | schanzen | Note Added: 0022550 | |
| 2024-06-08 12:03 | schanzen | Status | resolved => closed |
