Hi Jeff, I ran Address Sanitizer: heap-use-after-free is the problem. I had to use the `new` operator to allocate the memory. What is weird is that usually it errors out right away after the object goes out of scope, but here the memory was recovered with a delay, so it was working and then, poof, the memory disappears. There is no access violation; it just returns a bad result, and only sometimes. Other times it works, and if there is a delay the memory gets reclaimed in that time and the error occurs right in the middle of the function. Really freaky. In the trace below, the freed region is a std::string allocated in encrypt_rsa (lib_encrypt.cpp:299), destroyed in send_broker_message at lib_udp_messages.cpp:532, and read again at line 589.
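// Encodes n as an unsigned big-endian byte string in a newly allocated buffer.
//
// msg_len receives the number of bytes written, which is
// n.MinEncodedSize(Integer::UNSIGNED). The buffer is raw binary: it is not
// NUL-terminated and may contain zero bytes, so always pass msg_len along with
// the pointer and never treat the result as a C string.
//
// Ownership: the buffer comes from new[]; the caller must release it with
// delete[] once every reader of the pointer is done with it.
char* convert_cryptopp_integer_str(Integer n, size_t& msg_len)
{
    const size_t len = n.MinEncodedSize(Integer::UNSIGNED);
    char* v = new char[len];
    msg_len = len;
    n.Encode(reinterpret_cast<byte*>(v), len, Integer::UNSIGNED);
    return v;
}

// Encodes n as an unsigned big-endian byte string in a heap-allocated vector.
//
// Ownership: the vector itself comes from new; the caller must delete it.
// Returning std::vector<byte> by value would remove the manual ownership, but
// the pointer return type is kept so existing callers still compile.
std::vector<byte>* convert_cryptopp_integer(Integer n)
{
    const size_t len = n.MinEncodedSize(Integer::UNSIGNED);
    std::vector<byte>* v = new std::vector<byte>(len);
    // Write into the vector's element storage. Casting the vector pointer itself
    // to byte* (as this function did before) makes Encode overwrite the
    // std::vector object's internal fields and the heap after them.
    n.Encode(v->data(), v->size(), Integer::UNSIGNED);
    return v;
}

================================================================= ==23926==ERROR: AddressSanitizer: heap-use-after-free on address 0xffff82607880 at pc 0xaaaaca7153cc bp 0xffffdc752330 sp 0xffffdc752350 READ of size 1 at 0xffff82607880 thread T0 #0 0xaaaaca7153c8 in send_broker_message(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, int, CryptoPP::RSAFunction, int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, unsigned short, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, bool) ../src/libs/lib_udp_messages.cpp:589 #1 0xaaaaca652f30 in main ../src/threading/server.cpp:128 #2 0xffff874c0990 in __libc_start_main (/lib/libc.so.6+0x24990) #3 0xaaaaca654c74 in _start (/home/root/p2p_sockets/server+0xc4c74) 0xffff82607880 is located 0 bytes inside of 513-byte region [0xffff82607880,0xffff82607a81) freed by thread T0 here: #0 0xffff8798ebc8 in operator delete(void*, unsigned long) (/usr/lib/libasan.so.6+0xa8bc8) #1 0xaaaaca715310 in __gnu_cxx::new_allocator<char>::deallocate(char*, unsigned long) /opt/fsl-imx-xwayland/5.10-hardknott/sysroots/cortexa53-crypto-poky-linux/usr/include/c++/10.2.0/ext/new_allocator.h:133 #2 0xaaaaca715310 in std::allocator_traits<std::allocator<char> >::deallocate(std::allocator<char>&, char*, unsigned long) /opt/fsl-imx-xwayland/5.10-hardknott/sysroots/cortexa53-crypto-poky-linux/usr/include/c++/10.2.0/bits/alloc_traits.h:492 #3 0xaaaaca715310 in std::__cxx11::basic_string<char, std::char_traits<char>, 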
std::allocator<char> >::_M_destroy(unsigned long) /opt/fsl-imx-xwayland/5.10-hardknott/sysroots/cortexa53-crypto-poky-linux/usr/include/c++/10.2.0/bits/basic_string.h:237 #4 0xaaaaca715310 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_dispose() /opt/fsl-imx-xwayland/5.10-hardknott/sysroots/cortexa53-crypto-poky-linux/usr/include/c++/10.2.0/bits/basic_string.h:232 #5 0xaaaaca715310 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::~basic_string() /opt/fsl-imx-xwayland/5.10-hardknott/sysroots/cortexa53-crypto-poky-linux/usr/include/c++/10.2.0/bits/basic_string.h:658 #6 0xaaaaca715310 in send_broker_message(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, int, CryptoPP::RSAFunction, int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, unsigned short, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, bool) ../src/libs/lib_udp_messages.cpp:532 #7 0xaaaaca652f30 in main ../src/threading/server.cpp:128 #8 0xffff874c0990 in __libc_start_main (/lib/libc.so.6+0x24990) #9 0xaaaaca654c74 in _start (/home/root/p2p_sockets/server+0xc4c74) previously allocated by thread T0 here: #0 0xffff8798dc48 in operator new(unsigned long) (/usr/lib/libasan.so.6+0xa7c48) #1 0xaaaaca6655f4 in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<__gnu_cxx::__normal_iterator<unsigned char*, std::vector<unsigned char, std::allocator<unsigned char> > > >(__gnu_cxx::__normal_iterator<unsigned char*, std::vector<unsigned char, std::allocator<unsigned char> > >, __gnu_cxx::__normal_iterator<unsigned char*, std::vector<unsigned char, std::allocator<unsigned char> > >, std::forward_iterator_tag) /opt/fsl-imx-xwayland/5.10-hardknott/sysroots/cortexa53-crypto-poky-linux/usr/include/c++/10.2.0/bits/basic_string.tcc:219 #2 0xaaaaca6655f4 in void std::__cxx11::basic_string<char, 
std::char_traits<char>, std::allocator<char> >::_M_construct_aux<__gnu_cxx::__normal_iterator<unsigned char*, std::vector<unsigned char, std::allocator<unsigned char> > > >(__gnu_cxx::__normal_iterator<unsigned char*, std::vector<unsigned char, std::allocator<unsigned char> > >, __gnu_cxx::__normal_iterator<unsigned char*, std::vector<unsigned char, std::allocator<unsigned char> > >, std::__false_type) /opt/fsl-imx-xwayland/5.10-hardknott/sysroots/cortexa53-crypto-poky-linux/usr/include/c++/10.2.0/bits/basic_string.h:247 #3 0xaaaaca6655f4 in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<__gnu_cxx::__normal_iterator<unsigned char*, std::vector<unsigned char, std::allocator<unsigned char> > > >(__gnu_cxx::__normal_iterator<unsigned char*, std::vector<unsigned char, std::allocator<unsigned char> > >, __gnu_cxx::__normal_iterator<unsigned char*, std::vector<unsigned char, std::allocator<unsigned char> > >) /opt/fsl-imx-xwayland/5.10-hardknott/sysroots/cortexa53-crypto-poky-linux/usr/include/c++/10.2.0/bits/basic_string.h:266 #4 0xaaaaca6655f4 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string<__gnu_cxx::__normal_iterator<unsigned char*, std::vector<unsigned char, std::allocator<unsigned char> > >, void>(__gnu_cxx::__normal_iterator<unsigned char*, std::vector<unsigned char, std::allocator<unsigned char> > >, __gnu_cxx::__normal_iterator<unsigned char*, std::vector<unsigned char, std::allocator<unsigned char> > >, std::allocator<char> const&) /opt/fsl-imx-xwayland/5.10-hardknott/sysroots/cortexa53-crypto-poky-linux/usr/include/c++/10.2.0/bits/basic_string.h:628 #5 0xaaaaca6655f4 in encrypt_rsa(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, CryptoPP::RSAFunction) ../src/security/encryption/lib_encrypt.cpp:299 #6 0xaaaaca715078 in send_broker_message(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, int, 
CryptoPP::RSAFunction, int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, unsigned short, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, bool) ../src/libs/lib_udp_messages.cpp:532 #7 0xaaaaca652f30 in main ../src/threading/server.cpp:128 #8 0xffff874c0990 in __libc_start_main (/lib/libc.so.6+0x24990) #9 0xaaaaca654c74 in _start (/home/root/p2p_sockets/server+0xc4c74) SUMMARY: AddressSanitizer: heap-use-after-free ../src/libs/lib_udp_messages.cpp:589 in send_broker_message(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, int, CryptoPP::RSAFunction, int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, unsigned short, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, bool) Shadow bytes around the buggy address: 0x200ff04c0ec0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x200ff04c0ed0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x200ff04c0ee0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x200ff04c0ef0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x200ff04c0f00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa =>0x200ff04c0f10:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x200ff04c0f20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x200ff04c0f30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x200ff04c0f40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x200ff04c0f50: fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x200ff04c0f60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object 
redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==23926==ABORTING On Tuesday, April 25, 2023 at 9:21:05 PM UTC-4 Jeffrey Walton wrote: > On Tue, Apr 25, 2023 at 7:12 PM Dwight Kulkarni <dwi...@realtime-7.com> > wrote: > > > > I got it working by implementing the raw Integer method. See my code > below, previous encryption is commented out. I don't know why but it wasn't > working otherwise and I think it has something to do with memory allocation > maybe it works with -static flag because some references are staying in > scope as the entire library is loaded into RAM ? > > > > I had to implement the PKCS1v15 again but I would like to know what is > wrong so I can write the code accordingly. > > > > I have the Integer c. > > > > 1) If I use snippet 1, get the vector and then read it into a string > "res" and return it, this works. > > > > 2) If I use snippet 2, aka do the exact same thing in the function. It > doesn't work. I am trying to think whether the Vector needs to be declared > with new ? I am passing back the whole object not a pointer, so it should > not go out of scope ?? But maybe the resarr2 is not a deep copy and when it > goes out of scope the string data is also destroyed ?? On the other side, > the serve complains with Snippet 2 and not with Snippet 1. > > If you want someone to look at your programs, you need to provide a > minimal reproducer somewhere it can be cloned like GitHub or GitLab. > I'm not going to try to copy/paste it from the mailing list. I'm also > not going to try to make it compile due to missing functions and > missing main(). > > Now, onto your memory problems. Use Address Sanitizer or Valgrind to > locate the memory error. I recommend Address Sanitizer (Asan). Asan > produces the best debug and diagnostics. Follow these steps. 
> > # where the Crypto++ sources are > cd cryptopp > make distclean > > # make the library > CXXFLAGS="-DNDEBUG -g3 -O1 -fsanitize=address" make -j 5 > > # test the library. Notice no memory errors > ./cryptest.exe vv > > # copy your test program. Be sure to name it *.cxx > cp ../../test.cxx . > g++ -o test.exe -DNDEBUG -g3 -O1 -I. -fsanitize=address test.cxx > ./libcryptopp.a > > # run your program > ./test.exe > > Attached is my broken test.cxx. I used a vector that was too small: > > size_t len = n.MinEncodedSize(Integer::UNSIGNED); > std::vector<byte> v(len-4); > n.Encode((byte*)&v[0], v.size()+4, Integer::UNSIGNED); > > Here is the result of my broken test program: > > $ g++ -o test.exe -DNDEBUG -g3 -O1 -I. -fsanitize=address test.cxx > ./libcryptopp.a > $ ./test.exe > ================================================================= > ==12167==ERROR: AddressSanitizer: heap-buffer-overflow on address > 0x60200000003c at pc 0x7ffb24239e67 bp 0x7ffd10274f30 sp > 0x7ffd102746d8 > WRITE of size 1 at 0x60200000003c thread T0 > #0 0x7ffb24239e66 in __interceptor_memmove > > ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:810 > #1 0x55a0a1c8cac2 in memmove > /usr/include/x86_64-linux-gnu/bits/string_fortified.h:36 > #2 0x55a0a1c8cac2 in CryptoPP::ArraySink::Put2(unsigned char > const*, unsigned long, int, bool) > /home/jwalton/cryptopp/filters.cpp:545 > #3 0x55a0a1b1f642 in > CryptoPP::BufferedTransformation::Put(unsigned char const*, unsigned > long, bool) /home/jwalton/cryptopp/cryptlib.h:1689 > #4 0x55a0a1b1f642 in > CryptoPP::BufferedTransformation::Put(unsigned char, bool) > /home/jwalton/cryptopp/cryptlib.h:1679 > #5 0x55a0a1b1f642 in > CryptoPP::Integer::Encode(CryptoPP::BufferedTransformation&, unsigned > long, CryptoPP::Integer::Signedness) const > /home/jwalton/cryptopp/integer.cpp:3439 > #6 0x55a0a1b1fa84 in CryptoPP::Integer::Encode(unsigned char*, > unsigned long, CryptoPP::Integer::Signedness) const > 
/home/jwalton/cryptopp/integer.cpp:3431 > #7 0x55a0a1af64ac in main /home/jwalton/cryptopp/test.cxx:18 > #8 0x7ffb23a29d8f in __libc_start_call_main > ../sysdeps/nptl/libc_start_call_main.h:58 > #9 0x7ffb23a29e3f in __libc_start_main_impl ../csu/libc-start.c:392 > #10 0x55a0a1af6004 in _start (/home/jwalton/cryptopp/test.exe+0x66004) > > 0x60200000003c is located 0 bytes to the right of 12-byte region > [0x602000000030,0x60200000003c) > allocated by thread T0 here: > #0 0x7ffb242b61c7 in operator new(unsigned long) > ../../../../src/libsanitizer/asan/asan_new_delete.cpp:99 > #1 0x55a0a1af632c in __gnu_cxx::new_allocator<unsigned > char>::allocate(unsigned long, void const*) > /usr/include/c++/11/ext/new_allocator.h:127 > #2 0x55a0a1af632c in std::allocator_traits<std::allocator<unsigned > char> >::allocate(std::allocator<unsigned char>&, unsigned long) > /usr/include/c++/11/bits/alloc_traits.h:464 > #3 0x55a0a1af632c in std::_Vector_base<unsigned char, > std::allocator<unsigned char> >::_M_allocate(unsigned long) > /usr/include/c++/11/bits/stl_vector.h:346 > #4 0x55a0a1af632c in std::_Vector_base<unsigned char, > std::allocator<unsigned char> >::_M_create_storage(unsigned long) > /usr/include/c++/11/bits/stl_vector.h:361 > #5 0x55a0a1af632c in std::_Vector_base<unsigned char, > std::allocator<unsigned char> >::_Vector_base(unsigned long, > std::allocator<unsigned char> const&) > /usr/include/c++/11/bits/stl_vector.h:305 > #6 0x55a0a1af632c in std::vector<unsigned char, > std::allocator<unsigned char> >::vector(unsigned long, > std::allocator<unsigned char> const&) > /usr/include/c++/11/bits/stl_vector.h:511 > #7 0x55a0a1af632c in main /home/jwalton/cryptopp/test.cxx:17 > > SUMMARY: AddressSanitizer: heap-buffer-overflow > > ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:810 > in __interceptor_memmove > Shadow bytes around the buggy address: > 0x0c047fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 0x0c047fff7fc0: 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 > 0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > =>0x0c047fff8000: fa fa 00 fa fa fa 00[04]fa fa fa fa fa fa fa fa > 0x0c047fff8010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa > 0x0c047fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa > 0x0c047fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa > 0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa > 0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa > Shadow byte legend (one shadow byte represents 8 application bytes): > Addressable: 00 > Partially addressable: 01 02 03 04 05 06 07 > Heap left redzone: fa > Freed heap region: fd > Stack left redzone: f1 > Stack mid redzone: f2 > Stack right redzone: f3 > Stack after return: f5 > Stack use after scope: f8 > Global redzone: f9 > Global init order: f6 > Poisoned by user: f7 > Container overflow: fc > Array cookie: ac > Intra object redzone: bb > ASan internal: fe > Left alloca redzone: ca > Right alloca redzone: cb > Shadow gap: cc