Bug in DSA_generate_parameters_ex in 20070227 snapshot

2007-03-02 Thread Jack Lloyd

In dsa_gen.c:

  for (i = qsize-1; i >= 0; i--)
      {
      buf[i]++;
      if (buf[i] != 0)
          break;
      }

i is a size_t, so the expression i >= 0 is always true. If the value
of seed is 0xFF...FF, the break will never be triggered either, and
it will modify memory after seed.

Test case:

#include <string.h>
#include <openssl/dsa.h>

int main()
   {
   DSA* dsa = DSA_new();

   /* all-0xFF seed: no byte becomes nonzero after ++, so the break never fires */
   unsigned char seed[20] = { 0 };
   memset(seed, 0xFF, 20);

   DSA_generate_parameters_ex(dsa, 1024, seed, sizeof(seed), 0, 0, 0);

   DSA_free(dsa);
   return 0;
   }


Under valgrind (after compiling with -DPURIFY) the error is visible:

==27347== 1 errors in context 1 of 1:
==27347== Conditional jump or move depends on uninitialised value(s)
==27347==    at 0x40C583: dsa_builtin_paramgen (in /home/jack/sources/openssl-SNAP-20070227/dsa_gen)
==27347==    by 0x40CBD5: DSA_generate_parameters_ex (in /home/jack/sources/openssl-SNAP-20070227/dsa_gen)
==27347==    by 0x401764: main (dsa_gen.c:283)

Adding

seed[19] = 0xFE;

before the call to DSA_generate_parameters_ex allows the loop to exit
before it walks off the end, and no error shows up under valgrind.

-Jack
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]
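A standalone illustration of the unsigned-countdown bug and of one way to write the loop so it cannot run off the buffer. This is an added example, not code from OpenSSL or from the test case above; it does not call the OpenSSL API, the 20-byte seeds are constructed inline to mirror the report, and the `i-- > 0` idiom is only one possible fix (the snapshot was fixed by making `i` an `int` again). The buggy loop is reproduced with a bounds check in place of the out-of-range write, so the program is safe to run and reports whether the original loop would have left the buffer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define QSIZE 20 /* SHA-1 digest size: the q size for 1024-bit DSA */

/* Shape of the loop in the report, with a size_t index.  The original
 * condition i >= 0 is always true for an unsigned type, so it is written
 * here as an unconditional loop to make that explicit.  Instead of
 * dereferencing an out-of-range index it records the attempt: returns 1
 * if the real loop would have written outside buf, 0 if it broke out
 * normally. */
int buggy_increment_checked(unsigned char *buf, size_t qsize)
{
    size_t i;
    for (i = qsize - 1; ; i--) {
        if (i >= qsize)      /* i has wrapped past 0 to SIZE_MAX */
            return 1;        /* the original would write out of bounds here */
        buf[i]++;
        if (buf[i] != 0)
            break;
    }
    return 0;
}

/* Corrected form: i-- > 0 compares before decrementing, so i takes the
 * values qsize-1 .. 0 and the loop ends after index 0 even though i is
 * unsigned.  Returns 1 if the carry propagated out of buf[0] (input was
 * all 0xFF and buf is now all zero), 0 otherwise. */
int bigendian_increment(unsigned char *buf, size_t qsize)
{
    size_t i = qsize;
    while (i-- > 0) {
        if (++buf[i] != 0)
            return 0;
    }
    return 1;
}

/* Constructed inputs mirroring the report: an all-0xFF seed, optionally
 * with the last byte set to 0xFE. */
static void fill_seed(unsigned char *seed, int last_fe)
{
    memset(seed, 0xFF, QSIZE);
    if (last_fe)
        seed[QSIZE - 1] = 0xFE;
}

/* 1: the buggy loop runs off the buffer on an all-0xFF seed. */
int demo_buggy_all_ff(void)
{
    unsigned char seed[QSIZE];
    fill_seed(seed, 0);
    return buggy_increment_checked(seed, QSIZE);
}

/* 0: with the last byte 0xFE the break fires on the first iteration. */
int demo_buggy_last_fe(void)
{
    unsigned char seed[QSIZE];
    fill_seed(seed, 1);
    return buggy_increment_checked(seed, QSIZE);
}

/* 1: the fixed loop wraps an all-0xFF seed to all zeros and stops. */
int demo_fixed_all_ff(void)
{
    unsigned char seed[QSIZE], zero[QSIZE] = {0};
    fill_seed(seed, 0);
    return bigendian_increment(seed, QSIZE) == 1 &&
           memcmp(seed, zero, QSIZE) == 0;
}

/* 1: a carry stops at the first non-0xFF byte, 01 FF..FF -> 02 00..00. */
int demo_fixed_carry(void)
{
    unsigned char seed[QSIZE], want[QSIZE] = {0};
    fill_seed(seed, 0);
    seed[0] = 0x01;
    want[0] = 0x02;
    return bigendian_increment(seed, QSIZE) == 0 &&
           memcmp(seed, want, QSIZE) == 0;
}

int main(void)
{
    printf("buggy loop, all 0xFF seed: out of bounds = %d\n", demo_buggy_all_ff());
    printf("buggy loop, last byte 0xFE: out of bounds = %d\n", demo_buggy_last_fe());
    printf("fixed loop, all 0xFF seed wraps cleanly = %d\n", demo_fixed_all_ff());
    printf("fixed loop, carry stops at first non-0xFF byte = %d\n", demo_fixed_carry());
    return 0;
}
```

The seed[19] = 0xFE workaround from the report corresponds to demo_buggy_last_fe: the very first increment yields a nonzero byte, so the break hides the unsigned-wrap bug without fixing it. Any loop that counts an unsigned index down to zero needs the comparison to happen before the decrement (or a signed index), which is what bigendian_increment does.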


Re: Bug in DSA_generate_parameters_ex in 20070227 snapshot

2007-03-02 Thread Nils Larsch

Jack Lloyd wrote:

In dsa_gen.c:

  for (i = qsize-1; i >= 0; i--)
      {
      buf[i]++;
      if (buf[i] != 0)
          break;
      }

i is a size_t, so the expression i >= 0 is always true.


true ... 'i' is now an 'int' again.

Thanks,
Nils