Bug 198648

Summary: dev-libs/libksba-1.0.2 crashes when verifying a signature with gpgsm
Product: Gentoo Linux Reporter: Robert Spillner <trent2>
Component: [OLD] Library
Assignee: Crypto team [DISABLED] <crypto+disabled>
Status: RESOLVED FIXED    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: AMD64   
OS: Linux   
URL: https://bugs.g10code.com/gnupg/issue848
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: libksba-1.0.2-x86_64.patch
Debug output from aforementioned command

Description Robert Spillner 2007-11-10 11:29:07 UTC
Installed: 
  app-crypt/gnupg-1.9.21
  dev-libs/libksba-1.0.2 with debug symbols,
  dev-libs/libassuan-1.0.2-r1
  dev-libs/libgcrypt-1.2.4

Reproducible: Always

Steps to Reproduce:
1. gpgsm -s ich.txt > i.txt
 (works)

2. gdb gpgsm

Actual Results:  
GNU gdb 6.6
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu"...
(no debugging symbols found)
Using host libthread_db library "/lib/libthread_db.so.1".
(gdb) run --verify --debug-all --disable-crl-checks --disable-policy-checks i.txt ich.txt
Starting program: /usr/bin/gpgsm --verify --debug-all --disable-crl-checks --disable-policy-checks i.txt ich.txt
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
gpgsm: Optionen werden aus `/home/trent/.gnupg/gpgsm.conf' gelesen
gpgsm: NOTE: THIS IS A DEVELOPMENT VERSION!
gpgsm: It is only intended for test purposes and should NOT be
gpgsm: used in a production environment or with production keys!
gpgsm: detached signature

Program received signal SIGSEGV, Segmentation fault.
_ksba_ber_decoder_decode (d=0x65ff80, 
    start_name=0x2adde64d9710 "CryptographicMessageSyntax.SignerInfo", r_root=0x650148, 
    r_image=0x650150, r_imagelen=0x650158) at ber-decoder.c:1148
1148                  node->off = (ksba_reader_tell (d->reader)
(gdb) bt full
#0  _ksba_ber_decoder_decode (d=0x65ff80, 
    start_name=0x2adde64d9710 "CryptographicMessageSyntax.SignerInfo", r_root=0x650148, 
    r_image=0x650150, r_imagelen=0x650158) at ber-decoder.c:1148
        n = 6684544
        c = -431122672
        err = 0
        node = (AsnNode) 0x2adde64d9710
        buf = (unsigned char *) 0x0
        buflen = 0
        startoff = 828
#1  0x00002adde64ca777 in create_and_run_decoder (reader=0x641700, 
    elem_name=0x2adde64d9710 "CryptographicMessageSyntax.SignerInfo", r_root=0x650148, 
    r_image=0x650150, r_imagelen=0x650158) at cms-parser.c:108
        err = 0
        cms_tree = (ksba_asn_tree_t) 0x65ff50
        decoder = (BerDecoder) 0x65ff80
#2  0x00002adde64cb4df in _ksba_cms_parse_signed_data_part_2 (cms=0x641f00) at cms-parser.c:747
        off1 = 828
        ti = {class = CLASS_UNIVERSAL, is_constructed = 1, tag = 17, length = 551, ndef = 0, 
  nhdr = 4, buf = "1\202\002'�\020��'", err_string = 0x0, non_der = 0}
        err = 0
        si = <value optimized out>
        si_tail = (struct signer_info_s **) 0x641fb8
#3  0x00002adde64c8bac in ct_parse_signed_data (cms=0x641700) at cms.c:1931
        state = <value optimized out>
        stop_reason = KSBA_SR_NEED_HASH
        err = <value optimized out>
#4  0x00002adde64c9e55 in ksba_cms_parse (cms=0x641700, r_stopreason=0x5) at cms.c:583
        err = <value optimized out>
        i = <value optimized out>
---Type <return> to continue, or q <return> to quit---
#5  0x0000000000416a77 in ?? ()
No symbol table info available.
#6  0x00000000004083d8 in ?? ()
No symbol table info available.
#7  0x00002adde6e59b74 in __libc_start_main () from /lib/libc.so.6
No symbol table info available.
#8  0x00000000004060a9 in ?? ()
No symbol table info available.
#9  0x00007fffc4b628d8 in ?? ()
No symbol table info available.
#10 0x0000000000000000 in ?? ()
No symbol table info available.
Comment 1 Robert Spillner 2007-11-10 11:30:38 UTC
Portage 2.1.3.9 (default-linux/amd64/2006.0, gcc-4.1.2, glibc-2.6.1-r0, 2.6.22-gentoo-r8 x86_64)
=================================================================
System uname: 2.6.22-gentoo-r8 x86_64 Intel(R) Pentium(R) D CPU 3.20GHz
Timestamp of tree: Tue, 06 Nov 2007 17:00:01 +0000
app-shells/bash:     3.2_p17
dev-java/java-config: 1.3.7, 2.1.2-r1
dev-lang/python:     2.4.4-r5
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.9-r2
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.22-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=nocona -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=nocona -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig confache distlocks metadata-transfer parallel-fetch sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo"
LANG="de_DE.utf8"
LC_ALL="de_DE.utf8"
LINGUAS="de"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X acpi alsa amd64 berkdb bitmap-fonts cjk cli cracklib crypt cups doc dri dvb dvd dvdr dvdread eds emacs emboss encode foomaticdb fortran gif gnome gpm gstreamer gtk gtk2 iconv imlib immqt-bc ipv6 isdnlog jpeg kde lzw lzw-tiff midi mp3 mpeg mudflap ncurses nls nptl opengl openmp pam pcre perl png pppd python qt qt3 qt4 quicktime readline reflection sdl session spell spl ssl tcpd tetex tiff truetype-fonts type1-fonts unicode usb xorg xpm xv zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="de" USERLAND="GNU" VIDEO_CARDS="nv"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Comment 2 Robert Spillner 2007-11-10 11:35:03 UTC
Verifying is working with dev-libs/libksba-1.0.0, so I'm downgrading now:

> gpgsm --verify ich.txt i.txt

gpgsm: NOTE: THIS IS A DEVELOPMENT VERSION!
gpgsm: It is only intended for test purposes and should NOT be
gpgsm: used in a production environment or with production keys!
gpgsm: detached signature
gpgsm: Signatur erzeugt am 2007-11-10 09:48:54mittels Zertifikat ID 6D3B8768
gpgsm: certificate is good
gpgsm: certificate is good
gpgsm: can't connect to `/tmp/gpg-d3t1lq/S.gpg-agent': Datei oder Verzeichnis nicht gefunden
gpgsm: Verbindung zum gpg-agent nicht möglich - Ersatzmethode wird versucht
gpgsm: can't connect to `/home/trent/.gnupg/S.gpg-agent': Datei oder Verzeichnis nicht gefunden
gpgsm: Kein aktiver gpg-agent - es wird einer gestarted
can't connect to `/home/trent/.gnupg/log-socket': Verbindungsaufbau abgelehnt
gpgsm: DBG: connection to agent established
gpgsm: policies not checked due to --disable-policy-checks option
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: Korrekte Signatur von "/CN=Thawte Freemail Member/EMail=Robert.Spillner@post.rwth-aachen.de"
gpgsm:                 alias "Robert.Spillner@post.rwth-aachen.de"
secmem usage: 0/16384 bytes in 0 blocks
Comment 3 Alon Bar-Lev (RETIRED) gentoo-dev 2007-11-10 11:39:32 UTC
Please upgrade again and check if it works.
I think I remember that something was wrong with these two...
Try to emerge the new libksba and then gpgme again.
Comment 4 Robert Spillner 2007-11-10 12:37:15 UTC
Upgraded libksba again to 1.0.2, reemerged gnupg, tried again, yet still it doesn't work.
Comment 5 Alon Bar-Lev (RETIRED) gentoo-dev 2007-11-10 12:40:24 UTC
Please also re-emerge gpgme.
Thanks.
Comment 6 Robert Spillner 2007-11-10 12:44:55 UTC
Upgraded gpgme to gpgme-1.1.4. Still no improvement.
Comment 7 Alon Bar-Lev (RETIRED) gentoo-dev 2007-11-10 18:17:07 UTC
Sorry...
Can you please consider migrating to gnupg-2?
The gpgsm you are using is very old...

Put the following in package.keywords

app-crypt/gpgme ~x86_64                    # for gnupg
app-crypt/gnupg ~x86_64
app-crypt/pinentry ~x86_64                 # for gnupg
dev-libs/libassuan ~x86_64                 # for gnupg
dev-libs/libgcrypt ~x86_64                 # for gnupg
dev-libs/libgpg-error ~x86_64              # for gnupg
dev-libs/libksba ~x86_64                   # for gnupg

If it does not work, can you please attach the file that causes this, so I can try and reproduce?

Thanks!
Comment 8 Robert Spillner 2007-11-10 22:25:19 UTC
Well, I was using the latest stable version from portage for amd64...
I've now migrated to gnupg-2, (and libksba-1.0.2 again), still segfaulting. Only downgrading to libksba-1.0.0 won't work now with gnupg-2.0.7.

The file I used to sign and verify only contains the words "Some Text". I can reproduce this with any file at least on my system.

Sorry, no success yet.
Comment 9 Robert Spillner 2007-11-10 22:51:26 UTC
Reading msg1780 from https://bugs.g10code.com/gnupg/issue582 I tried to run ksba-1.0.2's configure with --disable-optimization. As I couldn't find this option in the configure script I manually removed "-O2" from the compiler flags in the Makefile, stripped and installed the compiled library.

Miraculously, verifying a signature now works with libksba-1.0.2 compiled without optimization.
Comment 10 Alon Bar-Lev (RETIRED) gentoo-dev 2007-11-11 06:11:55 UTC
Created attachment 135709 [details, diff]
libksba-1.0.2-x86_64.patch

Great!
Can you please check if this works?
Alon.
Comment 11 Robert Spillner 2007-11-11 10:43:17 UTC
Applied the patch to the ebuild, works.
Thanks!
Robert
Comment 12 Alon Bar-Lev (RETIRED) gentoo-dev 2007-11-12 05:39:09 UTC
Great.
Comment 13 Werner Koch 2007-11-14 10:19:40 UTC
Robert, would you mind running the optimized version again with the envvar
DEBUG_BER_DECODER=1
set and send me the output by PM to wk@gnupg.org?
Comment 14 Alon Bar-Lev (RETIRED) gentoo-dev 2007-11-14 15:19:10 UTC
Thanks Werner!
Comment 15 Alon Bar-Lev (RETIRED) gentoo-dev 2007-11-17 14:05:21 UTC
Robert:
This is using the reverted ebuild and:
DEBUG_BER_DECODER=1 emerge --oneshot libksba
Comment 16 Alon Bar-Lev (RETIRED) gentoo-dev 2007-11-17 14:07:34 UTC
DEBUG_BER_DECODER=1 gpgsm --verify --debug-all --disable-crl-checks
--disable-policy-checks i.txt ich.txt
Comment 17 Robert Spillner 2007-11-17 14:22:37 UTC
(In reply to comment #16)
> DEBUG_BER_DECODER=1 gpgsm --verify --debug-all --disable-crl-checks
> --disable-policy-checks i.txt ich.txt
> 

Uh, I already did this a couple of days ago and sent the output to Werner as requested by PM. Should've mentioned this.
For the sake of completeness I'm going to add it here, too (see next attachment).
Comment 18 Robert Spillner 2007-11-17 14:23:50 UTC
Created attachment 136168 [details]
Debug output from aforementioned command
Comment 19 Robert Spillner 2007-11-25 21:49:22 UTC
Using this patch for the libksba-1.0.2 source code removes a compiler warning for ber-decoder.c (node might be (and in fact is) used uninitialized) as well as the reported segmentation fault for the library compiled with optimization.

--- ber-decoder.c~      2007-07-04 13:27:14.000000000 +0200
+++ ber-decoder.c       2007-11-19 17:29:48.000000000 +0100
@@ -766,7 +766,7 @@
 decoder_next (BerDecoder d)
 {
   struct tag_info ti;
-  AsnNode node;
+  AsnNode node = NULL;
   gpg_error_t err;
   DECODER_STATE ds = d->ds;
   int debug = d->debug;
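Review bot: Initializing the pointer at its declaration (`+  AsnNode node = NULL;`) silences the "may be used uninitialized" warning, but the hunk does not show the path on which `node` is never assigned before it is written through; on that path the write now becomes a NULL dereference instead of a write into `d`, which is a different crash rather than a handled failure. Pair the initializer with a check at the use site that returns through the existing `gpg_error_t err` path when `node` is still NULL, or state in the patch description why every path assigns `node` before use.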
Comment 20 Alon Bar-Lev (RETIRED) gentoo-dev 2007-11-26 05:36:39 UTC
Are you sure it solves the problem?
What does Werner say about this?
Thanks!
Comment 21 Robert Spillner 2007-11-26 19:03:59 UTC
Don't know what he thinks; I mailed him a week ago about it. It definitely fixes the segfault for me, I've traced this with gdb and I'm very sure about it:
When not initializing the pointer node, gcc compiled with -O1 makes node point to the BerDecoder struct given as the function's argument. Writing to the bogus node as an AsnNode (in a different function) later on overwrites parts of the BerDecoder struct, which causes the segmentation fault.
However, I don't know whether initializing node with "NULL" is a good choice, because I don't really know about the semantics of the whole parsing process.
So yes, it solves my/a problem; does it always do the right thing -- I don't know.
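The hardened shape of the function discussed above, as an added example that is not libksba's code: the struct layouts, the candidate-node list and the 828/551 values are constructed from the report, and decoder_next_checked / run_checked_decoder_demo are assumed names.

```c
#include <stddef.h>

/* Added example, not libksba code: AsnNode/BerDecoder mimic the names in the
 * backtrace, but every field here is constructed for the demonstration. */
struct asn_node { int tag; long off; long len; };
typedef struct asn_node *AsnNode;
struct decoder_s { long pos; AsnNode nodes; size_t nnodes; };
typedef struct decoder_s *BerDecoder;
struct tag_info { int tag; long length; };

/* Same shape as decoder_next() in the report: node is assigned only when a
 * candidate matches.  With plain `AsnNode node;` the no-match path leaves it
 * holding a stale register value (on the reporter's -O build: d itself), so
 * the writes below corrupt *d.  NULL plus an explicit check make that path a
 * reported error; the original form is what gcc -Wall warns about as
 * "may be used uninitialized" when optimizing. */
int decoder_next_checked(BerDecoder d, const struct tag_info *ti)
{
    AsnNode node = NULL;
    size_t i;
    for (i = 0; i < d->nnodes; i++)
        if (d->nodes[i].tag == ti->tag) { node = &d->nodes[i]; break; }
    if (!node)
        return -1;                  /* no matching node: fail, don't write through garbage */
    node->off = d->pos;             /* the write that went astray in the report */
    node->len = ti->length;
    d->pos += ti->length;
    return 0;
}

/* Two calls on a constructed tree: tag 4 has no node and must be rejected
 * with the decoder untouched; tag 17 (SET, as in the backtrace) must record
 * its offset and length.  Returns 0 when both hold, otherwise the failing step. */
int run_checked_decoder_demo(void)
{
    struct asn_node tree[2] = { { 16, -1, -1 }, { 17, -1, -1 } };
    struct decoder_s d = { 828, tree, 2 };      /* 828 = startoff from the report */
    struct tag_info bad = { 4, 10 }, good = { 17, 551 };

    if (decoder_next_checked(&d, &bad) != -1 || d.pos != 828) return 1;
    if (decoder_next_checked(&d, &good) != 0) return 2;
    if (tree[1].off != 828 || tree[1].len != 551 || d.pos != 828 + 551) return 3;
    return 0;
}
```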
Comment 22 Alon Bar-Lev (RETIRED) gentoo-dev 2007-11-27 07:09:03 UTC
Thanks!