[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: matrixssl

Guido Günther <agx@sigxcpu.org> writes:

> They are basically identical but the git version got a length check
> added in 3.8.4 which is missing in Wheezy and which is responsible for
> the crashes detailed here:
>   https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html
> I did not try the patched openssl to crash the matrixssl server and I
> did not look into the details of the "miscalculation issue" described in
> the above article since I took the indication of the missing length
> check as sufficient to put matrixssl into dla-needed.

Ok, thanks. If you put aside the packaging issues, that looks like it
should be easy to patch.

For the benefit of other readers, this is the patched code:

        reverse an array, used for unsigned bin code
static void pstm_reverse(unsigned char *s, uint16_t len)
        uint16_t                ix, iy;
        unsigned char   t;

        if (len == 0) {
        ix = 0;
        iy = len - 1;
        while (ix < iy) {
                t     = s[ix];
                s[ix] = s[iy];
                s[iy] = t;

The wheezy function is the same but without the len == 0 check. As a
result, if len = 0, iy would get set to -1 which ends up being an
unexpectedly large value because it is unsigned.

This looks like a different security issue to that in the security

I will have a look and see if I can hack^h^h^h^hpatch the Debian package
to include the above security fix; although I don't have any exploits
test it with.
Brian May <bam@debian.org>

Reply to: