[botan-devel] Possible bug

Jack Lloyd lloyd at randombit.net
Mon Feb 17 10:21:52 EST 2014


On Sun, Feb 16, 2014 at 07:52:50PM -0500, Sviatoslav Feshchenko wrote:
> Dear Botan developers,
> 
> I suspect there may be a bug in the library or I made an error somewhere (and if so I apologize). My environment is as follows:
> 
> Botan version: 1.11.8
> OS: Linux Mint 16 Cinnamon 64-bit
> G++ v 4.8.1
> 
> Pipe::start_msg() causes a segmentation fault depending on how the pipe was set up, as demonstrated in the compilable code below. Many thanks for looking into this.

Hello,

It is indeed a bug in the library, actually very longstanding it turns
out, it just happens that before a recent change to how cipher modes
work there was not a case that would trigger it. (The short version
is: a Filter calling send from inside start_msg will likely confuse
any following filters.)

A general fix is going to be relatively involved, but the patch below
should allow things to work for any combination of filters currently
in the library.

Thanks very much for reporting this!

Jack

#
# old_revision [15bfce719ee2384a0c5d3801a34183971311d3d6]
#
# patch "src/lib/filters/filter.cpp"
#  from [01b8560dc3d4b8b983ceb7a29bae034beae9c785]
#    to [f08931bb318aa8c895f1aad1d577e9b66ceaefc8]
#
============================================================
--- src/lib/filters/filter.cpp  01b8560dc3d4b8b983ceb7a29bae034beae9c785
+++ src/lib/filters/filter.cpp  f08931bb318aa8c895f1aad1d577e9b66ceaefc8
@@ -27,6 +27,9 @@ void Filter::send(const byte input[], si
 */
 void Filter::send(const byte input[], size_t length)
    {
+   if(!length)
+      return;
+
    bool nothing_attached = true;
    for(size_t j = 0; j != total_ports(); ++j)
       if(next[j])
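
Review bot: The new `if(!length) return;` guard at the top of Filter::send carries no comment explaining why an empty send is dropped, so a later reader could take it for a micro-optimisation and remove it. Suggest a short comment above it stating that it works around filters that call send from inside start_msg, and that it only covers the zero-length case: a send with non-zero length from start_msg still falls through to the `total_ports()` loop and reaches the attached filters as before. Since `length` is a `size_t`, `if(length == 0)` would also read more clearly than `!length`.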


