Bug 183804 - sys-fs/cryptsetup-luks - stack smashing attack in function __crypt_luks_open
Summary: sys-fs/cryptsetup-luks - stack smashing attack in function __crypt_luks_open
Status: RESOLVED TEST-REQUEST
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: AMD64 Linux
Importance: High major
Assignee: Gentoo Security Audit Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-07-01 08:22 UTC by 11superstrings
Modified: 2007-09-28 13:21 UTC
CC: 3 users

See Also:
Package list:
Runtime testing required: ---


Attachments
dmesg output (dmesg.log, 23.10 KB, text/plain), 2007-07-01 08:44 UTC, 11superstrings
emerge --info output (emerge.info, 6.65 KB, text/plain), 2007-07-01 08:45 UTC, 11superstrings
Kernel Config (kernel.config, 35.17 KB, text/plain), 2007-07-01 19:13 UTC, 11superstrings
strace of program with issue (strace.log, 11.37 KB, text/plain), 2007-07-01 19:14 UTC, 11superstrings

Description 11superstrings 2007-07-01 08:22:01 UTC
Hello,

When running cryptsetup luksOpen I receive a stack smashing fault. This occurs each time I attempt to run the program.  I am using a gpg encrypted key file to encrypt the partition.  These are my exact steps.

amd64# gpg --quiet --decrypt /mnt/usb/rootkey.gpg | cryptsetup -v --cipher aes-lrw-benbi --key-size 384 luksFormat /dev/mapper/nvidia_ccdbgacj3 
Command successful.

amd64# gpg --decrypt /mnt/usb/rootkey.gpg 2>/dev/null | cryptsetup luksOpen /dev/mapper/nvidia_ccdbgacj3 root
key slot 0 unlocked.
*** stack smashing detected ***: cryptsetup - terminated
cryptsetup: stack smashing attack in function __crypt_luks_open - terminated
Report to http://bugs.gentoo.org/
Killed

amd64# 

Reproducible: Always

Steps to Reproduce:
1.Create gpg protected key file:

amd64# head -c 1500 /dev/random | uuencode -m - | head -n 2 | tail -n 1 | gpg --symmetric --cipher-algo aes256 -a >/mnt/usb/rootkey.gpg 

2. Setup encrypted partition using cryptsetup (with luks):

amd64# gpg --quiet --decrypt /mnt/usb/rootkey.gpg | cryptsetup -v --cipher aes-lrw-benbi --key-size 384 luksFormat /dev/mapper/nvidia_ccdbgacj3 

3. Open luks partition:

amd64# gpg --decrypt /mnt/usb/rootkey.gpg 2>/dev/null | cryptsetup luksOpen /dev/mapper/nvidia_ccdbgacj3 root
key slot 0 unlocked.
*** stack smashing detected ***: cryptsetup - terminated
cryptsetup: stack smashing attack in function __crypt_luks_open - terminated
Report to http://bugs.gentoo.org/
Killed


Actual Results:  
key slot 0 unlocked.
*** stack smashing detected ***: cryptsetup - terminated
cryptsetup: stack smashing attack in function __crypt_luks_open - terminated
Report to http://bugs.gentoo.org/
Killed

Expected Results:  
key slot 0 unlocked.
*** stack smashing detected ***: cryptsetup - terminated
cryptsetup: stack smashing attack in function __crypt_luks_open - terminated
Report to http://bugs.gentoo.org/
Killed
Comment 1 11superstrings 2007-07-01 08:44:18 UTC
Created attachment 123513
dmesg output
Comment 2 11superstrings 2007-07-01 08:45:01 UTC
Created attachment 123515
emerge --info output
Comment 3 11superstrings 2007-07-01 19:11:19 UTC
I have done some further testing and found this only occurs while using --key-size 384.  There is no SSP while using a key size of 320.
Comment 4 11superstrings 2007-07-01 19:13:52 UTC
Created attachment 123558
Kernel Config

Kernel configuration for system with issue.
Comment 5 11superstrings 2007-07-01 19:14:44 UTC
Created attachment 123559
strace of program with issue

The details of strace run on the program with the SSP issue.
Comment 6 Markus 2007-07-04 16:19:44 UTC
It looks similar to bug 183407.
So it should work with 1.0.5; it's not yet in portage, but in the bug I linked an ebuild exists, "it's working for me"(tm).
Comment 7 Benjamin Smee (strerror) (RETIRED) gentoo-dev 2007-09-28 13:21:30 UTC
Let me know if >=cryptsetup-1.0.5 solves your problem.
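The reproduction steps in the description and the ">=1.0.5" check asked for in Comment 7 can be combined into one repeatable test. The script below is an added example for this bug page; it is not the reporter's commands and not part of cryptsetup. It replays the luksFormat/luksOpen sequence against a file-backed loop device in place of the reporter's /dev/mapper/nvidia_ccdbgacj3, once with --key-size 320 and once with 384 (the two sizes Comment 3 contrasts), so the result can be compared before and after upgrading. Assumptions not stated on the page: gpg, cryptsetup, losetup and dd are installed, the reproduction part runs as root, `cryptsetup --version` prints the version as its second word, and `-q` (batch mode) is accepted by luksFormat to skip the confirmation prompt. The key-size table comes from the kernel's LRW construction (AES key followed by a 128-bit tweak key), not from the report; the key file argument is the gpg-encrypted file produced by step 1 of the report.

```sh
#!/bin/sh
# Added example for Gentoo bug 183804; not the reporter's script and not
# cryptsetup project code. Re-runs the report's luksFormat/luksOpen sequence
# on a scratch loop device so the 320-vs-384 key-size comparison from
# Comment 3 can be repeated per cryptsetup version. Assumptions: gpg,
# cryptsetup, losetup and dd exist; repro_luks_open runs as root.

# In aes-lrw-benbi the LUKS master key is the AES key followed by a 128-bit
# LRW tweak key, so the only sizes the mode accepts are 256, 320 and 384.
# Prints the AES key length for a requested --key-size, fails otherwise.
lrw_aes_bits() {
    case "$1" in
        256) echo 128 ;;
        320) echo 192 ;;
        384) echo 256 ;;
        *)   return 1 ;;
    esac
}

# True when dotted numeric version $1 is at least $2 (up to 3 components):
# sort both ascending and check that the minimum is the threshold.
version_ge() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t . -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$2" ]
}

# Installed cryptsetup version, assumed to be the second word of the first
# line of `cryptsetup --version` (e.g. "cryptsetup 1.0.5").
cryptsetup_version() {
    cryptsetup --version 2>/dev/null | awk 'NR == 1 { print $2 }'
}

# Formats a 32 MiB scratch image as LUKS with the given key size using the
# gpg-encrypted key file from step 1 of the report, then runs luksOpen the
# way the report does (key on stdin). Returns cryptsetup's luksOpen status;
# an SSP kill shows up as 128 plus the signal number, not as 0.
repro_luks_open() {
    bits=$1
    keyfile=$2
    name="luks-repro-$bits"
    lrw_aes_bits "$bits" >/dev/null || { echo "unsupported LRW key size: $bits" >&2; return 2; }
    img=$(mktemp) || return 2
    dd if=/dev/zero of="$img" bs=1M count=32 2>/dev/null
    dev=$(losetup --find --show "$img") || { rm -f "$img"; return 2; }
    # -q (batch mode) skips the "Are you sure?" prompt; assumed available.
    gpg --quiet --decrypt "$keyfile" \
        | cryptsetup -q --cipher aes-lrw-benbi --key-size "$bits" luksFormat "$dev"
    gpg --quiet --decrypt "$keyfile" | cryptsetup luksOpen "$dev" "$name"
    rc=$?
    cryptsetup luksClose "$name" 2>/dev/null
    losetup -d "$dev"
    rm -f "$img"
    return $rc
}

# The privileged part only runs on request, e.g.
#   RUN_REPRO=1 sh repro.sh /mnt/usb/rootkey.gpg
if [ "${RUN_REPRO:-0}" = 1 ]; then
    ver=$(cryptsetup_version)
    if version_ge "$ver" 1.0.5; then
        echo "cryptsetup $ver: at or above the version Comment 7 asks to test"
    else
        echo "cryptsetup $ver: older than 1.0.5, expect the reported behaviour"
    fi
    for bits in 320 384; do
        repro_luks_open "$bits" "$1"
        rc=$?
        if [ "$rc" -eq 0 ]; then
            echo "key-size $bits: luksOpen succeeded"
        else
            echo "key-size $bits: luksOpen failed with status $rc"
        fi
    done
fi
```

The two helper functions are safe to run unprivileged; only repro_luks_open touches devices, and it only ever formats the loop device it created, never a real partition. If the 384-bit run still ends with a non-zero status on a >=1.0.5 build, that status and the `cryptsetup_version` output are the two facts worth adding to the bug.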