Home GnuPG
Diffusion libgcrypt 59b2504df8f0

kdf: fix unaligned memory access in balloon_xor_block
59b2504df8f0
Actions

Description

kdf: fix unaligned memory access in balloon_xor_block

* cipher/kdf.c (balloon_xor_block): Use 'buf_xor' helper function; Change
pointer parameters to 'void *' type.
(balloon_final): Don't cast last_block to 'u64 *' for balloon_xor_block
call.

Seen on s390x UBSAN:
/home/testbuild/libgcrypt/cipher/kdf.c:1130:12: runtime error: load of misaligned address 0x00400181370c for type 'u64', which requires 8 byte alignment
0x00400181370c: note: pointer points here

01 01 01 01 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
            ^
  #0 0x4001a3f3d3  (/run/user/1006/libgcrypt/build_s390x-linux-gnu_ubsan/src/.libs/libgcrypt.so.20+0x1f83d3)
  #1 0x40019cf049  (/run/user/1006/libgcrypt/build_s390x-linux-gnu_ubsan/src/.libs/libgcrypt.so.20+0x188049)
  #2 0x400000acbf  (/run/user/1006/libgcrypt/build_s390x-linux-gnu_ubsan/tests/t-kdf+0xacbf)
  #3 0x4000008931  (/run/user/1006/libgcrypt/build_s390x-linux-gnu_ubsan/tests/t-kdf+0x8931)
  #4 0x400271a031  (/lib/libc.so.6+0x2b031)
  #5 0x400271a10d  (/lib/libc.so.6+0x2b10d)
  #6 0x4000009bcf  (/run/user/1006/libgcrypt/build_s390x-linux-gnu_ubsan/tests/t-kdf+0x9bcf)
  • GnuPG-bug-id: T5817
  • Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>

Details

Provenance
jukiviliAuthored on Feb 8 2022, 7:54 AM
Parents
rC26bfa41e2413: kdf: Extend original Balloon to other digest algos.
Branches
Unknown
Tags
Unknown
Tasks
T5817: libgcrypt: Add Balloon KDF

Event Timeline

jukivili committed rC59b2504df8f0: kdf: fix unaligned memory access in balloon_xor_block (authored by jukivili).Feb 8 2022, 8:05 AM
jukivili added a task: T5817: libgcrypt: Add Balloon KDF.Feb 8 2022, 8:13 AM
gniibe added a subscriber: gniibe.Feb 9 2022, 1:44 AM

I think that this patch should not be needed, if our implementation of _gcry_private_malloc is not buggy (ensuring same alignment condition as system malloc does).
I just realized that it is buggy unfortunately, so, I'm opening a task for that.

gniibe added a comment.Feb 9 2022, 2:11 AM

Sorry, I looked wrong place. It is balloon_final which assumes user provided RESULT is aligned, which is wrong.

Anyway, this bug should be fixed: T5822: libgcrypt: Remove GCRYCTL_ENABLE_M_GUARD support (was: _gcry_private_malloc returns 4-byte alignment memory when use_m_guard==1)

Changes (1)

PathSize
cipher/

rC59b2504df8f0

View Options

cipher/kdf.c

Loading...