[openssl-dev] [openssl.org #3683] checking malformed private key via command line segfaults openssl

Brian Carpenter via RT rt at openssl.org
Sun Feb 1 11:50:28 UTC 2015


Good evening. I'm reporting a segfault in openssl via the command line
"openssl rsa -in testcase -check" using a malformed private key. I'm using
american fuzzy lop (http://lcamtuf.coredump.cx/afl/) to fuzz openssl.

The testcase, which I've attached to this email, is a mutation of a valid
private ssl key. Doesn't appear to be exploitable according to CERT's
exploitable plugin (https://github.com/jfoote/exploitable) for GDB, but
there are smarter people than I out there in the world.

I compiled openssl with the afl-gcc included with american fuzzy lop for
instrumenting binaries:
CC=/path/to/afl-gcc ./config
AFL_HARDEN=1 make

Here is the output from GDB and Valgrind:

Program received signal SIGSEGV, Segmentation fault.
0x00000000009899ff in pkey_cb (pval=0x7fffffffd6f0, operation=<optimized out>,
    it=<optimized out>, exarg=<optimized out>) at p8_pkey.c:72
72        if (key->pkey->value.octet_string)

(gdb) exploitable
Description: Access violation near NULL on source operand
Short description: SourceAvNearNull (16/22)
Hash: 589e66012e1218a63f994739c4ec4083.0007be4bb08747c7f86854a2a873ea7a
Exploitability Classification: PROBABLY_NOT_EXPLOITABLE
Explanation: The target crashed on an access violation at an address
matching the source operand of the current instruction. This likely
indicates a read access violation, which may mean the application crashed
on a simple NULL dereference to data structure that has no immediate effect
on control of the processor.
Other tags: AccessViolation (21/22)

(gdb) bt
#0  0x00000000009899ff in pkey_cb (pval=0x7fffffffd6f0,
    operation=<optimized out>, it=<optimized out>, exarg=<optimized out>)
    at p8_pkey.c:72
#1  pkey_cb (operation=2, pval=0x7fffffffd6f0, it=<optimized out>, exarg=0x0)
    at p8_pkey.c:66
#2  0x0000000000951fa8 in asn1_item_combine_free (pval=0x7fffffffd6f0,
    it=0xd09e40, combine=0) at tasn_fre.c:149
#3  0x000000000095e64b in ASN1_item_ex_d2i (pval=pval@entry=0x7fffffffd6f0,
    in=<optimized out>, len=1196, it=0xd09e40, tag=<optimized out>,
    tag@entry=-1, aclass=<optimized out>, aclass@entry=0,
    opt=opt@entry=0 '\000', ctx=ctx@entry=0x7fffffffd700) at tasn_dec.c:484
#4  0x0000000000960bd9 in ASN1_item_d2i (pval=<optimized out>,
    in=<optimized out>, len=<optimized out>, it=<optimized out>)
    at tasn_dec.c:146
#5  0x00000000009a17b9 in PEM_read_bio_PrivateKey (bp=<optimized out>, x=0x0,
    cb=0x4d0510 <password_callback>, u=0x7fffffffdbf0) at pem_pkey.c:94
#6  0x00000000004d7a6c in load_key (err=0xf88010,
    file=0x7fffffffe60e "./id:000016,sig:11,src:000000,op:havoc,rep:2",
    format=3, maybe_stdin=1, pass=<optimized out>, e=<optimized out>,
    key_descrip=0xcc01c6 "Private Key") at apps.c:989
#7  0x0000000000458af4 in rsa_main (argc=<optimized out>, argv=<optimized out>)
    at rsa.c:291
#8  0x000000000040c3e8 in do_cmd (prog=prog@entry=0xfa47a0, argc=4,
    argv=argv@entry=0x7fffffffe370) at openssl.c:472
#9  0x000000000040b63c in main (Argc=<optimized out>, Argv=0x7fffffffe370)
    at openssl.c:366
#10 0x00007ffff786bead in __libc_start_main (main=<optimized out>,
    argc=<optimized out>, ubp_av=<optimized out>, init=<optimized out>,
    fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe358)
    at libc-start.c:244
#11 0x000000000040bbd1 in _start ()

(gdb) i r
rax            0xfa5d20 16407840
rbx            0xd09e40 13672000
rcx            0x0 0
rdx            0x0 0
rsi            0x7fffffffd6f0 140737488344816
rdi            0x2 2
rbp            0x7fffffffd6f0 0x7fffffffd6f0
rsp            0x7fffffffd550 0x7fffffffd550
r8             0x4 4
r9             0x4 4
r10            0x0 0
r11            0x1 1
r12            0xd09e40 13672000
r13            0x7fffffffd6f0 140737488344816
r14            0xfa6136 16408886
r15            0x9898d0 10000592
rip            0x9899ff 0x9899ff <pkey_cb+247>
eflags         0x10246 [ PF ZF IF RF ]
cs             0x33 51
ss             0x2b 43
ds             0x0 0
es             0x0 0
fs             0x0 0
gs             0x0 0

Regards,

Brian 'geeknik' Carpenter

-------------- next part --------------
A non-text attachment was scrubbed...
Name: opensslkeycrash.gz
Type: application/x-gzip
Size: 981 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150201/faf9ec26/attachment.bin>
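The backtrace shows the ASN.1 free callback (operation=2, the free-pre hook) running on a PKCS#8 object whose decode failed partway, so the inner `pkey` pointer was never populated. The following is an added illustration, not OpenSSL's code or its eventual fix: it models that shape with constructed structs and shows a free-pre routine that tolerates a partially built object, with a small "decoder" that triggers the failure path.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model (assumption, not OpenSSL's types): the inner ASN.1
 * value holding the secret key bytes once decoding reaches it. */
typedef struct {
    unsigned char *octet_string;   /* secret bytes to wipe on free */
    int length;
} model_asn1_type;

/* Outer PKCS#8-like object; pkey stays NULL if decoding fails earlier. */
typedef struct {
    model_asn1_type *pkey;
} model_pkcs8;

/* Same shape as the crashing check: dereferences key->pkey unconditionally,
 * which faults with a NULL read when the decoder never filled it in. */
int free_pre_unchecked(model_pkcs8 *key)
{
    if (key->pkey->octet_string)
        memset(key->pkey->octet_string, 0, (size_t)key->pkey->length);
    return 1;
}

/* Defensive form: a free hook must accept a partially constructed object,
 * because the decoder calls it on its own error path. Returns 1 if secret
 * bytes were wiped, 0 if there was nothing to wipe (not an error). */
int free_pre_checked(model_pkcs8 *key)
{
    if (key == NULL || key->pkey == NULL || key->pkey->octet_string == NULL)
        return 0;
    memset(key->pkey->octet_string, 0, (size_t)key->pkey->length);
    return 1;
}

/* Simulated decoder: allocates the outer object, optionally fails before
 * populating the inner field, then runs the free hook on whatever exists. */
int decode_then_free(int inner_ok, unsigned char *buf, int len)
{
    model_pkcs8 key = { NULL };
    model_asn1_type inner = { buf, len };
    if (inner_ok)
        key.pkey = &inner;              /* only reached on a full decode */
    return free_pre_checked(&key);      /* safe on both paths */
}
```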