Re: matrixssl
Guido Günther <agx@sigxcpu.org> writes:
> They are basically identical but the git version got a length check
> added in 3.8.4 which is missing in Wheezy and which is responsible for
> the crashes detailed here:
>
> https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html
>
> I did not try the patched openssl to crash the matrixssl server and I
> did not look into the details of the "miscalculation issue" described in
> the above article since I took the indication of the missing length
> check as sufficient to put matrixssl into dla-needed.
Ok, thanks. If you put aside the packaging issues, that looks like it
should be easy to patch.
For the benefit of other readers, this is the patched code:
#include <stdint.h>	/* for uint16_t; the excerpt below is from pstm.c */

/******************************************************************************/
/*
	reverse an array, used for unsigned bin code
*/
static void pstm_reverse(unsigned char *s, uint16_t len)
{
	uint16_t	ix, iy;
	unsigned char	t;

	/* length check added in 3.8.4: with len == 0, len - 1 would wrap */
	if (len == 0) {
		return;
	}
	ix = 0;
	iy = len - 1;
	while (ix < iy) {
		t = s[ix];
		s[ix] = s[iy];
		s[iy] = t;
		++ix;
		--iy;
	}
}
The wheezy function is the same but without the len == 0 check. As a
result, if len == 0, iy would get set to -1, which ends up being an
unexpectedly large value because it is unsigned.
This looks like a different security issue to that in the security
tracker.
I will have a look and see if I can hack^h^h^h^hpatch the Debian package
to include the above security fix; although I don't have any exploits to
test it with.
--
Brian May <bam@debian.org>
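Added illustration (not MatrixSSL code and not from the thread above): the
unchecked Wheezy-style body next to a hardened form with the 3.8.4 length
check, plus a small helper that shows what `len - 1` becomes in a uint16_t.
The names reverse_unchecked, reverse_checked, wrapped_end_index and
reverses_to are made up for this example; the sample strings are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Wheezy-style body without the length check, reproduced for comparison
 * only. With len == 0, "len - 1" is stored into a uint16_t and wraps to
 * 65535, so the first iteration reads and writes s[65535], far outside the
 * caller's buffer. It is therefore never called with len == 0 here. */
static void reverse_unchecked(unsigned char *s, uint16_t len)
{
	uint16_t ix = 0, iy = len - 1;
	unsigned char t;

	while (ix < iy) {
		t = s[ix]; s[ix] = s[iy]; s[iy] = t;
		++ix; --iy;
	}
}

/* Returns the value "len - 1" takes once it lands in a uint16_t.
 * For len == 0 this is 65535, which is the whole bug. */
uint16_t wrapped_end_index(uint16_t len)
{
	uint16_t iy = len - 1;	/* int -1 converted to unsigned 16-bit */
	return iy;
}

/* Hardened form with the 3.8.4-style check. Returns the number of swaps so
 * that a caller (or test) can observe what happened without printing. */
unsigned reverse_checked(unsigned char *s, uint16_t len)
{
	uint16_t ix, iy;
	unsigned char t;
	unsigned swaps = 0;

	if (len == 0) {
		return 0;	/* the fix: nothing to reverse, do not touch s */
	}
	ix = 0;
	iy = len - 1;
	while (ix < iy) {
		t = s[ix]; s[ix] = s[iy]; s[iy] = t;
		++ix; --iy; ++swaps;
	}
	return swaps;
}

/* Convenience check: copy `in` into a local buffer, reverse it with the
 * hardened function and compare against `expected`. Returns 1 on match. */
int reverses_to(const char *in, const char *expected)
{
	unsigned char buf[64];
	size_t n = strlen(in);

	if (n >= sizeof(buf)) {
		return 0;	/* constructed inputs are short; refuse anything larger */
	}
	memcpy(buf, in, n);
	buf[n] = '\0';
	reverse_checked(buf, (uint16_t)n);
	return strcmp((const char *)buf, expected) == 0;
}

int main(void)
{
	unsigned char sample[] = "abcd";	/* constructed sample input */

	printf("len=0 -> iy would be %u\n", wrapped_end_index(0));
	printf("len=4 -> iy is %u\n", wrapped_end_index(4));
	printf("checked reverse of \"\" performs %u swaps\n",
	       reverse_checked(sample, 0));
	reverse_unchecked(sample, 4);	/* safe: len > 0 */
	printf("unchecked reverse of \"abcd\" -> \"%s\"\n", sample);
	printf("\"abcd\" reverses to \"dcba\": %d\n", reverses_to("abcd", "dcba"));
	return 0;
}
```

The only behavioural difference between the two reverse functions is the
early return for len == 0; for every non-zero length they do the same work,
which is why the fix is safe to backport on its own.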