[botan-devel] Regression in RNG leads to sigsegv in unusual cases

Justin Ferguson jf at ownco.net
Wed Dec 10 21:18:55 EST 2014

Just as a follow-up and note for anyone who wants to utilize Botan in a
chrooted/Unix service environment, the problem I was encountering came from
calling Botan::LibraryInitializer in main prior to closing all of my file
descriptors as part of detaching from the TTY.

This resulted in a stale file descriptor in Botan that had since been
opened to my log file as write only, which resulted in the segfault from
said regression that didn't check the return value of read().

Unfortunately, as much as I particularly dislike the OpenSSL API and find
it particularly annoying to use outside of its few "well exercised" code
paths, I just don't have the time or patience to validate all of the code
paths necessary in Botan to make sure I'm not introducing vulnerabilities
into my code through things like not checking the return value of read().

Best of luck.

On Dec 2, 2014 9:16 AM, "Justin Ferguson" <jf at ownco.net> wrote:

> Hi,
> Just FYI, it appears that the issue described here
> http://lists.randombit.net/pipermail/botan-devel/2014-February/001896.html
> managed to creep back into the 1.11 code base.
> I haven't fully had a chance to debug my situation, but I don't think this
> is what is happening with me but the signed/unsigned thing is something
> that should probably always be checked.
> My situation is actually pretty hostile to your code, so it's hard to
> really blame you; specifically, it's a chrooted Unix service and there
> isn't a /dev directory, much less a random/urandom file.
> Strangely the read function is called trying to read from a file
> descriptor that is my log file (and write only). I'm not positive what is
> going on but I'll sort it out and report back but figured a good place to
> start was pointing out the regression.
> Justin
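The failure mode described in this thread, reproduced as an added example (this is not Botan's code nor the poster's): an entropy descriptor is opened before the daemon closes all of its file descriptors, the descriptor number is then reused by a write-only log file, and read() on it fails with EBADF. The unchecked variant stores that -1 as an unsigned length; the checked variant returns zero bytes so the caller falls back to other sources. It assumes /dev/null exists (standing in for /dev/urandom) and uses dup2() to pin the descriptor reuse that a close-all loop otherwise produces by accident.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>

/* The pattern the regression reintroduced: read()'s ssize_t result is
 * stored as an unsigned count, so -1 becomes SIZE_MAX and a caller that
 * trusts it as "bytes available" walks far past the buffer. */
size_t poll_fd_unchecked(int fd, unsigned char *buf, size_t len) {
    return (size_t)read(fd, buf, len);
}

/* Hardened form: an error (EBADF on a write-only descriptor, EINTR,
 * EAGAIN, ...) or EOF contributes zero bytes, so the caller falls back to
 * its other entropy sources instead of indexing with a bogus length. */
size_t poll_fd_checked(int fd, unsigned char *buf, size_t len) {
    ssize_t got = read(fd, buf, len);
    return got > 0 ? (size_t)got : 0;
}

/* Reproduces the descriptor reuse from the mail using /dev/null instead of
 * /dev/urandom: the "entropy" fd is opened before daemonizing, closed with
 * everything else, and its number is then taken by a write-only log file.
 * Returns the errno that read() on the stale descriptor reports (EBADF
 * expected), or -1 if setup fails. */
int stale_fd_read_errno(void) {
    int entropy = open("/dev/null", O_RDONLY);  /* stands in for /dev/urandom */
    if (entropy < 0) return -1;
    close(entropy);                             /* daemon closes every fd */
    int logfd = open("/dev/null", O_WRONLY);    /* log file, write only */
    if (logfd < 0) return -1;
    if (logfd != entropy) {                     /* pin the reuse if lowest-free differs */
        if (dup2(logfd, entropy) < 0) { close(logfd); return -1; }
        close(logfd);
        logfd = entropy;
    }
    unsigned char buf[32];
    errno = 0;
    int err = read(logfd, buf, sizeof buf) < 0 ? errno : 0;
    close(logfd);
    return err;
}
int main(void) {
    printf("read() on the stale fd: errno %d (EBADF = %d)\n",
           stale_fd_read_errno(), EBADF);
    return 0;
}
```

Initializing the library only after the descriptor-closing step of daemonization avoids the stale descriptor in the first place; the return-value check is what keeps the failure harmless when it happens anyway.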
