[openssl-dev] [openssl.org #4628] EVP_f_cipher regression due to overlapping regions check

David Benjamin via RT rt at openssl.org
Sun Jul 31 23:49:17 UTC 2016


On Sun, Jul 31, 2016 at 6:18 PM Michel via RT <rt at openssl.org> wrote:

> > I was able to trigger a crash simply by chaining an encrypt BIO with a
> > memory BIO containing a large plaintext and then stream 100 bytes out of it
> > at a time. BIO_read would consistently return 128 and, by the time the
> > function returned, the stack was thoroughly clobbered.
>
> I am surprised. I should have been [un-?]lucky for once.
> FWIW, here is what I did :
> I have some files containing about 10000 of variable length lines (range is
> from about 60 to 260 bytes).
> File size is about 900 Kb to 1.5 Mb.
> Files can be cleartext or encrypted (in this case they can be optionally
> base64 encoded).
> So I have software that chains as follows:
> File bio ->
> Base64 bio (opt) ->
> Cipher bio (opt) ->
> Memory bio.
>
> For my test I read and wrote each case using 2 different ciphers: aes-128
> and camellia-192.
> Everything looks good: no crash, no data lost or damaged, no memory leak
> and no stack overwritten.
>
> I certainly misunderstand something, but I will be happy to test my
> use case again if it can be of any help.
>

(I'm not entirely sure which direction the arrows are meant to be going.)

You need the read to not be a multiple of 16 to trigger the issue. (Well,
that's the simplest trigger. I also got decrypt BIOs to trigger with
outl=128 because EVP_DecryptUpdate always holds back the final block.) Also
if your code will secretly tolerate the cipher BIO returning more data than
outl, you won't notice. But the API contract of BIO_read is that it will
not return more than outl bytes of data.

Reads of size 100 into a buffer of size 100 will do the trick:

outl = 100 =>
buf_len = 128 =>
i = 128 (assuming we got a full read) =>
we ask EVP_CipherUpdate to decrypt 128 bytes =>
128 bytes of output into out =>
buffer overflow

David

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4628
Please log in as guest with password guest if prompted
