[openssl.org #2630] Segmentation-fault in ssleay_rand_bytes() after generating a large (INT_MAX) random buffer

Fri, 21 Oct 2011 06:29:56 -0700 

Hello,

When I fill a large (INT_MAX=0x7FFFFFFF) buffer with random bytes, RAND_bytes() 
returns 1 and all seems to be OK, but in the next call to RAND_bytes() I get a 
segmentation-fault with OpenSSL 1.0.0c (4GB installed RAM; 3GB free).

A quick look at the core dump shows the following:
In the first call to RAND_bytes() the parameter ''num'' was 0x7FFFFFFF which 
leads to ''num_ceil'' (crypto/rand/md_rand.c:361) will be 0x80000002 but this 
is negative (-2147483646)...
Then the global variable ''state_index'' in (crypto/rand/md_rand.c:137) is 
negative too.
In the second call to RAND_bytes() ''k'' in (crypto/rand/md_rand.c:489) gets 
very large (2147482710) and writes into not allocated memory.

Perhaps this is related to #1764: openssl-0.9.8i random generator bug.

More Information:

> user@host:~> cat ssl_rand_test.c
> #include <limits.h>
> #include <stdio.h>
> #include <stdlib.h>
> #include <openssl/rand.h>
>
> int main(void)
> {
>    {
>       unsigned char *buf1 = malloc(INT_MAX);
>       printf("RAND_bytes() %d return %d\n", INT_MAX, RAND_bytes(buf1, 
> INT_MAX));
>       free(buf1);
>    }
>    {
>       unsigned char  buf2[9];
>       const int      num = sizeof(buf2);
>       printf("RAND_bytes() %d return %d\n", num, RAND_bytes(buf2, num));
>    }
>    return EXIT_SUCCESS;
> }
> user@host:~> gcc -g -Wall -pedantic -ansi ssl_rand_test.c -o ssl_rand_test 
> -lcrypto
> user@host:~> ./ssl_rand_test
> RAND_bytes() 2147483647 return 1
> Segmentation-fault
>
> user@host:~> lsb_release -a
> LSB Version:    n/a
> Distributor ID: SUSE LINUX
> Description:    openSUSE 11.4 (x86_64)
> Release:        11.4
> Codename:       Celadon
>
> user@host:~> rpm -qi libopenssl-devel
> Name        : libopenssl-devel             Relocations: (not relocatable)
> Version     : 1.0.0c                            Vendor: openSUSE
> Release     : 18.21.1                       Build Date: Di 20 Sep 2011 
> 13:35:51 CEST
> Install Date: Do 20 Okt 2011 17:33:26 CEST      Build Host: build32
> Group       : Development/Libraries/C and C++   Source RPM: 
> openssl-1.0.0c-18.21.1.src.rpm
> Size        : 1382904                          License: BSD3c(or similar)
> Signature   : RSA/8, Di 20 Sep 2011 13:37:15 CEST, Key ID b88b2fd43dbdc284
> Packager    : http://bugs.opensuse.org
> URL         : http://www.openssl.org/
> Summary     : Include Files and Libraries mandatory for Development
> Description :
> This package contains all necessary include files and libraries needed
> to develop applications that require these.
>
>
>
> Authors:
> --------
>     Mark J. Cox <[email protected]>
>     Ralf S. Engelschall <[email protected]>
>     Dr. Stephen <Henson [email protected]>
>     Ben Laurie <[email protected]>
>     Bodo Moeller <[email protected]>
>     Ulf Moeller <[email protected]>
>     Holger Reif <[email protected]>
>     Paul C. Sutton <[email protected]>
> Distribution: openSUSE 11.4
>
> user@host:~> gdb ./ssl_rand_test core
> ...
> Program terminated with signal 11, Segmentation fault.
> (gdb) bt
> #0  memcpy () at ../sysdeps/x86_64/memcpy.S:102
> #1  0x00007fbcc309f83f in SHA1_Update (c=0x602010, data_=0x7fbc433dcf0b, 
> len=<value optimized out>) at /usr/include/bits/string3.h:52
> #2  0x00007fbcc31009ff in ssleay_rand_bytes (buf=0x7fff81516360 "", num=0) at 
> md_rand.c:492
> #3  0x0000000000400798 in main () at ssl_rand_test.c:16
> (gdb) print k
> $1 = <value optimized out>
> (gdb) print (st_idx+10)-st_num
> $2 = 2147482710
> (gdb) print st_idx
> $3 = -2147483573
> (gdb) print state_index
> $4 = -2147483563
> (gdb) print st_num
> $5 = 1023
> (gdb) print state_num
> $6 = 1023

Would it be better when num_ceil, st_idx, st_num, state_index and state_num are 
unsigned integers?


Best regards
Yves Jäger
atosworldline.com

Geschäftsführer: Wolf Kunisch
Aufsichtsratsvorsitzender: Christophe Duquenne
Sitz der Gesellschaft: Frankfurt/M.
Handelsregister: Frankfurt/Main HRB 40 417

* * * * * * * * L E G A L    D I S C L A I M E R * * * * * * * *
This e-mail and the documents attached are confidential and intended solely for 
the addressee; it may also be privileged. If you receive this e-mail by error, 
please notify the sender immediately and destroy it. As its integrity cannot be 
secured on the internet, the Atos group liability cannot be triggered for the 
message content. Although the sender endeavors to maintain a computer 
virus-free network, the sender does not warrant that this transmission is 
virus-free and shall not be liable for any damages resulting from any virus 
transmitted.
* * * * * * * * L E G A L    D I S C L A I M E R * * * * * * * *


#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <openssl/rand.h>

int main(void)
{
   {
      unsigned char *buf1 = malloc(INT_MAX);
      printf("RAND_bytes() %d return %d\n", INT_MAX, RAND_bytes(buf1, INT_MAX));
      free(buf1);
   }
   {
      unsigned char  buf2[9];
      const int      num = sizeof(buf2);
      printf("RAND_bytes() %d return %d\n", num, RAND_bytes(buf2, num));
   }
   return EXIT_SUCCESS;
}

Reply via email to