[botan-devel] SEGV in RNG after updating to 1.10.7

William K. Foster wkf at alum.mit.edu
Thu Feb 6 18:05:45 EST 2014


I found in the debugger that got == -1 in the patched code when it crashed
most recently.  This is cast to unsigned 18446744073709551615 in add().


On Thu, Feb 6, 2014 at 2:51 PM, William K. Foster <wkf at alum.mit.edu> wrote:

> I do not have a simple test case, I find this when running my applications
> test suite and it occurs in about one in 10,000 runs.
>
> Here is another stack trace:
>
> #1  0x00000000005c7cfe in GlobalSignalTermHandler (sig=11) at
> Param.cpp:1422
> #2  <signal handler called>
> #3  0x00000000006e324c in reverse_bytes (val=<optimized out>) at
> build/include/botan/bswap.h:89
>  #4  load_be<unsigned long long> (off=<optimized out>, in=<optimized
> out>) at build/include/botan/loadstor.h:203
> #5  Botan::(anonymous namespace)::SHA2_64::compress (digest=...,
> input=0x2a916000 <Address 0x2a916000 out of bounds>,
> blocks=144115188075855871) at src/hash/sha2_64/sha2_64.cpp:61
> #6  0x00000000006e75cb in Botan::SHA_512::compress_n (this=<optimized
> out>, input=0xff25457799f258bf <Address 0xff25457799f258bf out of bounds>,
> blocks=3642481287135357789) at src/hash/sha2_64/sha2_64.cpp:214
> #7  0x00000000006de46c in Botan::MDx_HashFunction::add_data
> (this=0x1d266070, input=0x1d253200 "h \345  [\231\177\204",
> length=<optimized out>) at src/hash/mdx_hash/mdx_hash.cpp:62
> #8  0x000000000078023e in update (length=<optimized out>, in=<optimized
> out>, this=0x7ef0b70dc689e162) at build/include/botan/buf_comp.h:33
> #9  Botan::HMAC::add_data (this=<optimized out>, input=0xff25457799f258bf
> <Address 0xff25457799f258bf out of bounds>, length=3642481287135357789) at
> src/mac/hmac/hmac.cpp:19
> #10 0x00000000007d742e in update (length=<optimized out>, in=<optimized
> out>, this=0x7ef0b70dc689e162) at build/include/botan/buf_comp.h:33
> #11 Botan::Entropy_Accumulator_BufferedComputation::add_bytes
> (this=<optimized out>, bytes=0xff25457799f258bf <Address 0xff25457799f258bf
> out of bounds>, length=3642481287135357789) at
> build/include/botan/entropy_src.h:113
>  #12 0x000000000080a53d in add (entropy_bits_per_byte=<optimized out>,
> length=18446744073709551615, bytes=<optimized out>, this=<optimized out>)
> at build/include/botan/entropy_src.h:72
> #13 Botan::Device_EntropySource::poll (this=<optimized out>, accum=...) at
> src/entropy/dev_random/dev_random.cpp:96
> #14 0x00000000007d611f in Botan::HMAC_RNG::reseed (this=0x1d1ea5a0,
> poll_bits=128) at src/rng/hmac_rng/hmac_rng.cpp:86
> #15 0x00000000007d704c in Botan::HMAC_RNG::randomize (this=0x1d1ea5a0,
> out=0x1d2531c0 "\371DA\266\223\066[`\"i\026a\177\360", <incomplete sequence
> \360>, length=0) at src/rng/hmac_rng/hmac_rng.cpp:59
> #16 0x00000000007d7c77 in random_vec (bytes=<optimized out>,
> this=0x1d1ea5a0) at build/include/botan/rng.h:43
> #17 Botan::ANSI_X931_RNG::update_buffer (this=0x1d1fa780) at
> src/rng/x931_rng/x931_rng.cpp:43
> #18 0x00000000007d8c71 in Botan::ANSI_X931_RNG::randomize
> (this=0x1d1fa780, out=0x2b8386d28997 "", length=1) at
> src/rng/x931_rng/x931_rng.cpp:25
> #19 0x000000000077c512 in Botan::(anonymous
> namespace)::Serialized_PRNG::randomize (this=0x1d1bcde0, out=0x2b8386d28997
> "", len=1) at src/libstate/global_rng.cpp:119
> #20 0x00000000005c9d22 in Botan::AutoSeeded_RNG::randomize
> (this=0x1d1c21a0, out=0x2b8386d28997 "", len=1) at
> ../../src/Botan/build/include/botan/auto_rng.h:24
> #21 0x000000000071a5fb in Botan::RandomNumberGenerator::next_byte
> (this=0x7ef0b70dc689e162) at src/rng/rng.cpp:22
> #22 0x00000000005c5ffe in random::generate () at Param.cpp:1864
>
> I will try the patch and see if the crash goes away.  I am able to get
> this in the debugger when it happens, but not easily strace since that
> would mean using strace thousands of time until it failed.  Is there
> anything more I can get from the debugger to help or any change to apply to
> the code to provide more info when this case occurs?
>
> Thanks.
>
> -William
>
>
>
> On Thu, Feb 6, 2014 at 6:54 AM, Jack Lloyd <lloyd at randombit.net> wrote:
>
>>
>> The /dev/random reader did change in 1.10.7. I've been unable to replicate
>> this crash but from the backtrace I do see a flow that would cause a crash
>> if read() on the device returns an error.
>>
>> If you have any ability to repliacate this issue it would be great if
>> you could strace the process and find the exact error that is being
>> returned. Likely it is EAGAIN or similiar as we are using non-blocking
>> reads, so if select returns readable and then in the intervening time
>> some other process drains the /dev/random pool that would trigger this
>> bug.
>>
>> This patch should fix the crash:
>>
>> #
>> # old_revision [7f0a8fd7748331d87d6ec9ae013459e4c02c75e8]
>> #
>> # patch "src/entropy/dev_random/dev_random.cpp"
>> #  from [cb24a224755a8464707182e5c3fbd5a92f4c3c6b]
>> #    to [bf6aae02a86ec7a5f2ac82ca6493078e1d7fdb19]
>> #
>> ============================================================
>> --- src/entropy/dev_random/dev_random.cpp
>> cb24a224755a8464707182e5c3fbd5a92f4c3c6b
>> +++ src/entropy/dev_random/dev_random.cpp
>> bf6aae02a86ec7a5f2ac82ca6493078e1d7fdb19
>> @@ -93,7 +93,9 @@ void Device_EntropySource::poll(Entropy_
>>        if(FD_ISSET(devices[i], &read_set))
>>           {
>>           const ssize_t got = ::read(devices[i], &io_buffer[0],
>> io_buffer.size());
>> -         accum.add(&io_buffer[0], got, ENTROPY_BITS_PER_BYTE);
>> +
>> +         if(got > 0)
>> +            accum.add(&io_buffer[0], got, ENTROPY_BITS_PER_BYTE);
>>           }
>>        }
>>     }
>>
>> On Mon, Feb 03, 2014 at 03:57:29PM -0800, William K. Foster wrote:
>> > Hello,
>> >
>> > I recently updated from Botan v1.10.5 to v1.10.7 and I've seen a SEGV
>> that
>> > is not easily reproducible in the RNG constructor:
>> >
>> > #1  0x00000000005c794e in GlobalSignalTermHandler (sig=11) at
>> Param.cpp:1422
>> > #2  <signal handler called>
>> > #3  0x00000000006e4bdc in Botan::(anonymous
>> > namespace)::SHA2_64::compress(Botan::MemoryRegion<unsigned long long>&,
>> > unsigned char const*, unsigned long) ()
>> > #4  0x00000000006dfd3f in Botan::MDx_HashFunction::add_data(unsigned
>> char
>> > const*, unsigned long) ()
>> > #5  0x000000000080da34 in
>> > Botan::Device_EntropySource::poll(Botan::Entropy_Accumulator&) ()
>> > #6  0x00000000007d168e in Botan::HMAC_RNG::reseed(unsigned long) ()
>> > #7  0x00000000007d4c9e in Botan::ANSI_X931_RNG::reseed(unsigned long) ()
>> > #8  0x000000000077ade4 in
>> > Botan::Library_State::make_global_rng(Botan::Algorithm_Factory&,
>> > Botan::Mutex*) ()
>> > #9  0x00000000006eac6b in Botan::Library_State::global_rng() ()
>> > #10 0x00000000005cd2fb in Botan::AutoSeeded_RNG::AutoSeeded_RNG
>> > (this=0x7fff204511d0) at
>> ../../src/Botan/build/include/botan/auto_rng.h:40
>> >
>> > The calling code is doing a default constructor of an RNG:
>> >
>> >     Botan::AutoSeeded_RNG rng;
>> >
>> > This usually works, but on occasion I get a SEGV.
>> >
>> > Could this be related to changes between v1.10.5 and v1.10.7?
>> >
>> > Thanks.
>> >
>> > -William
>>
>> > _______________________________________________
>> > botan-devel mailing list
>> > botan-devel at randombit.net
>> > http://lists.randombit.net/mailman/listinfo/botan-devel
>>
>> _______________________________________________
>> botan-devel mailing list
>> botan-devel at randombit.net
>> http://lists.randombit.net/mailman/listinfo/botan-devel
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/botan-devel/attachments/20140206/a41e4acb/attachment.html>


More information about the botan-devel mailing list