On Thu, Apr 12, 2007 at 14:46:47 +0200, Peter Palfrader wrote:
> > 56 if ((keyring = mix_openfile(SECRING, "r")) == NULL) {
> > (gdb) p/x {long}0xbfe5a0ec
> > $12 = 0x80ba800
>
> Very, very interesting. Can you step into mix_openfile() and mixfile()
> and see where it breaks?
gdb was confused by the optimizer. The stack is overwritten with a null byte
by strcat() because idstr[] is a byte short.
(gdb) p/x {long}0xbf848adc
$3 = 0x80ba8e0
(gdb) step
55 strcat(idstr, "\n");
(gdb) p/x {long}0xbf848adc
$4 = 0x80ba8e0
(gdb) next
56 if ((keyring = mix_openfile(SECRING, "r")) == NULL) {
(gdb) p/x {long}0xbf848adc
$5 = 0x80ba800
gcc <4 somehow concealed this bug.
Here's the relevant code from keymgt.c:
char idstr[33];
[...]
id_encode(keyid, idstr);
[...]
strcat(idstr, "\n");
22:23 <weasel> packbart: a full id_encode is 32 bytes plus the 0 byte.
22:23 <weasel> packbart: now append "\n"
22:24 <weasel> so you have 32 bytes of data, a \n, and a \0
A quick fix:
- --- keymgt.c 2004-05-07 03:59:13.000000000 +0200
+++ keymgt.c 2007-04-12 22:34:50.191304000 +0200
@@ -39,7 +39,7 @@
{
FILE *keyring;
BUFFER *iv, *pass, *temp;
- - char idstr[33];
+ char idstr[34];
char line[LINELEN];
int err = -1;
char *res;
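Review bot: the new size on the `+ char idstr[34];` line is a bare literal whose meaning depends on the 32-byte output of id_encode() plus the appended "\n" plus the terminating NUL; spell it out as a named constant (encoded id length + 2) with a comment, so the relationship that produced the off-by-one stays visible and the buffer follows along if the encoded length changes.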
@@ -126,7 +126,7 @@
{
FILE *keyring;
BUFFER *b, *temp, *iv;
- - char idstr[33];
+ char idstr[34];
char line[LINELEN];
int err = 0;
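Review bot: this is the same 33 to 34 bump as in the first hunk, repeated in a second function; two independent literals can drift apart on a later edit, so both declarations should share one constant. The strcat(idstr, "\n") that actually overflowed is not touched by either hunk; bounding that append against the remaining capacity (strncat with a computed limit, or snprintf into the buffer) would make a future size mismatch fail safely instead of writing a NUL past the array.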
According to Colin Tuckley, this bug was already fixed in Mixmaster 3.0rc1
along with parametrized key length.
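The off-by-one discussed above (32 encoded bytes plus "\n" plus NUL needs 34 bytes, not 33) as an added C example; this is not Mixmaster's code. id_encode() here is a hypothetical stand-in that produces 32 hex characters, the buffer size is derived from a named constant, and the newline is appended with a bounds check instead of strcat().

```c
#include <string.h>

/* Hypothetical stand-in for Mixmaster's id_encode(): 16-byte id -> 32 hex chars + NUL. */
#define KEYID_BYTES    16
#define ID_ENCODED_LEN (2 * KEYID_BYTES)        /* 32 characters, no NUL */
#define IDSTR_SIZE     (ID_ENCODED_LEN + 1 + 1) /* + "\n" + NUL = 34 */

static void id_encode(const unsigned char *keyid, char *out)
{
    static const char hex[] = "0123456789abcdef";
    for (int i = 0; i < KEYID_BYTES; i++) {
        out[2 * i]     = hex[keyid[i] >> 4];
        out[2 * i + 1] = hex[keyid[i] & 0x0f];
    }
    out[ID_ENCODED_LEN] = '\0';
}

/* Bounds-checked replacement for strcat(idstr, "\n"): appends only if '\n' and
 * the new NUL both fit in cap. Returns 0, or -1 if too small (the idstr[33] case). */
static int append_newline(char *buf, size_t cap)
{
    size_t len = strlen(buf);
    if (len + 2 > cap)                      /* need len bytes + '\n' + '\0' */
        return -1;
    buf[len] = '\n';
    buf[len + 1] = '\0';
    return 0;
}

/* Builds "<32 hex chars>\n" into buf; -1 if cap is too small (bare id is left). */
static int build_idline(const unsigned char *keyid, char *buf, size_t cap)
{
    if (cap < ID_ENCODED_LEN + 1)           /* id_encode alone needs 33 */
        return -1;
    id_encode(keyid, buf);
    return append_newline(buf, cap);
}

/* Runs build_idline() with a constructed all-zero key id, limited to cap bytes. */
static int check_capacity(size_t cap)
{
    unsigned char keyid[KEYID_BYTES] = {0};
    char buf[64];                           /* backing store larger than any cap */
    return build_idline(keyid, buf, cap > sizeof buf ? sizeof buf : cap);
}
```

check_capacity(33) returns -1, reproducing the rejected idstr[33] case, while check_capacity(34) returns 0.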