Bug 486984 - net-wireless/aircrack-ng: incorrect output when compiled with hardened gcc
Summary: net-wireless/aircrack-ng: incorrect output when compiled with hardened gcc
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system (show other bugs)
Hardware: AMD64 Linux
Importance: Normal normal
Assignee: Rick Farina (Zero_Chaos)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-10-05 02:57 UTC by Rick Farina (Zero_Chaos)
Modified: 2013-10-12 19:26 UTC (History)
CC List: 2 users

See Also:
Package list:
Runtime testing required: ---


Attachments
memcpy-overlap.patch (memcpy-overlap.patch,1.59 KB, patch)
2013-10-05 08:40 UTC, Sergei Trofimovich (RETIRED)

Description Rick Farina (Zero_Chaos) gentoo-dev 2013-10-05 02:57:31 UTC
I have been testing aircrack-ng-9999 for HOURS trying to figure out why the tests fail, and I'm shocked to say I believe it's a bug in the hardened toolchain, OR that the fix from bug 359730 is wrong.

I've tested building aircrack-ng like this:

FEATURES="test" ACCEPT_KEYWORDS="**" emerge \=aircrack-ng-9999 -1 --jobs=1

When system CFLAGS contain {,-O,-O0,-O1,-O2,-O3} and hardened gcc profile x86_64-pc-linux-gnu-{4.6.3,4.7.3}{,-hardenednossp}

Super interestingly, this doesn't fail if the CFLAGS contain -Os.

Compiles on non-hardened fine (as evident from my list of failing gcc profiles not including -vanilla) and tested by several users on gentoo, as well as a user who was kind enough to test on debian and centos for me.

I believe I've gone as far as I can here, I could really use some help figuring out wtf is going on here.

make -C src check
make[1]: Entering directory `/usr/src/aircrack-ng/src'
./aircrack-ng -w ../test/password.lst -a 2 -e Harkonen -q ../test/wpa2.eapol.cap | grep 'KEY FOUND! \[ 12345678 \]' 
KEY FOUND! [ 12345678 ]
./aircrack-ng -w ../test/password.lst -a 2 -e test -q ../test/wpa.cap | grep 'KEY FOUND! \[ biscotte \]'
KEY FOUND! [ biscotte ]
./aircrack-ng -w ../test/password.lst -a 2 -e linksys -q ../test/wpa2-psk-linksys.cap | grep 'KEY FOUND! \[ dictionary \]'
KEY FOUND! [ dictionary ]
./aircrack-ng -w ../test/password.lst -a 2 -e linksys -q ../test/wpa-psk-linksys.cap | grep 'KEY FOUND! \[ dictionary \]'
KEY FOUND! [ dictionary ]
../test/test-airdecap-ng.sh /usr/src/aircrack-ng/src
Number of decrypted WPA  packets         2
Number of decrypted WPA  packets        53
make[1]: *** [check] Error 1
make[1]: Leaving directory `/usr/src/aircrack-ng/src'
make: *** [check] Error 2


(in the background a sha1sum verification of the output file of airdecap-ng fails, indicating that something bad happened)
Comment 1 Sergei Trofimovich (RETIRED) gentoo-dev 2013-10-05 08:40:21 UTC
Created attachment 360130 [details, diff]
memcpy-overlap.patch

(In reply to Rick Farina (Zero_Chaos) from comment #0)
> I have been testing aircrack-ng-9999 for HOURS trying to figure out why the
> tests fail, and I'm shocked to say I believe it's a bug in the hardened
> toolchain, OR that the fix from bug 359730 is wrong.

The bug ID is not seemingly valid :]

> I've tested building aircrack-ng like this:
> 
> FEATURES="test" ACCEPT_KEYWORDS="**" emerge \=aircrack-ng-9999 -1 --jobs=1
> 
> When system CFLAGS contain {,-O,-O0,-O1,-O2,-O3} and hardened gcc profile
> x86_64-pc-linux-gnu-{4.6.3,4.7.3}{,-hardenednossp}
> 
> Super interestingly, this doesn't fail if the CFLAGS contain -Os.
> 
> Compiles on non-hardened fine (as evident from my list of failing gcc
> profiles not including -vanilla) and tested by several users on gentoo, as
> well as a user who was kind enough to test on debian and centos for me.
> 
> I believe I've gone as far as I can here, I could really use some help
> figuring out wtf is going on here.
> 
> make -C src check
> make[1]: Entering directory `/usr/src/aircrack-ng/src'
> ./aircrack-ng -w ../test/password.lst -a 2 -e Harkonen -q
> ../test/wpa2.eapol.cap | grep 'KEY FOUND! \[ 12345678 \]' 
> KEY FOUND! [ 12345678 ]
> ./aircrack-ng -w ../test/password.lst -a 2 -e test -q ../test/wpa.cap | grep
> 'KEY FOUND! \[ biscotte \]'
> KEY FOUND! [ biscotte ]
> ./aircrack-ng -w ../test/password.lst -a 2 -e linksys -q
> ../test/wpa2-psk-linksys.cap | grep 'KEY FOUND! \[ dictionary \]'
> KEY FOUND! [ dictionary ]
> ./aircrack-ng -w ../test/password.lst -a 2 -e linksys -q
> ../test/wpa-psk-linksys.cap | grep 'KEY FOUND! \[ dictionary \]'
> KEY FOUND! [ dictionary ]
> ../test/test-airdecap-ng.sh /usr/src/aircrack-ng/src
> Number of decrypted WPA  packets         2
> Number of decrypted WPA  packets        53
> make[1]: *** [check] Error 1
> make[1]: Leaving directory `/usr/src/aircrack-ng/src'
> make: *** [check] Error 2
> 
> 
> (in the background a sha1sum verification of the output file of airdecap-ng
> fails, indicating that something bad happened)

valgrind is your friend in this case:

==24305== Command: ./airdecap-ng -e linksys -p dictionary ../test/wpa-psk-linksys.cap
==24305== 
==24305== Source and destination overlap in memcpy(0x60b938, 0x60b940, 139)
==24305==    at 0x4C2DCD3: memcpy@@GLIBC_2.14 (mc_replace_strmem.c:882)
==24305==    by 0x403265: main (airdecap-ng.c:877)
==24305== 
==24305== Source and destination overlap in memcpy(0x60b92c, 0x60b93e, 133)
==24305==    at 0x4C2DCD3: memcpy@@GLIBC_2.14 (mc_replace_strmem.c:882)
==24305==    by 0x4017CD: write_packet (airdecap-ng.c:165)
==24305==    by 0x4032A9: main (airdecap-ng.c:883)
==24305==

Attached patch which fixes hardened tests for me :]
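For readers following along: the two valgrind reports above are the whole story. memcpy() is undefined when source and destination overlap, and the optimised glibc/hardened code paths selected at -O0..-O3 happen to copy in an order that corrupts the data (while -Os picked a byte loop that got lucky). The example below is added here and is not the attached patch or aircrack-ng code; it reproduces valgrind's overlap test on the reported address ranges and shows the in-place header-stripping shift done with memmove(), which is defined for overlapping buffers.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Same condition valgrind memcheck applies to memcpy(): the ranges
 * [dst, dst+n) and [src, src+n) share at least one byte. */
int ranges_overlap(uintptr_t dst, uintptr_t src, size_t n)
{
    if (n == 0)
        return 0;
    return dst < src + n && src < dst + n;
}

/* Copy that never calls memcpy() on overlapping buffers; memmove() is the
 * defined alternative. Returns 1 when overlap was detected and handled. */
int overlap_safe_copy(void *dst, const void *src, size_t n)
{
    if (ranges_overlap((uintptr_t)dst, (uintptr_t)src, n)) {
        memmove(dst, src, n);
        return 1;
    }
    memcpy(dst, src, n);
    return 0;
}

/* Drop hdr_len bytes from the front of a packet by sliding the payload down
 * in place. This is the kind of shift a decryptor like airdecap-ng performs
 * (constructed illustration, not its actual code). Returns the new length. */
size_t strip_header_inplace(unsigned char *buf, size_t len, size_t hdr_len)
{
    if (hdr_len > len)
        return len;
    overlap_safe_copy(buf, buf + hdr_len, len - hdr_len);
    return len - hdr_len;
}

/* Self-check on a constructed 15-byte "packet": strip an 8-byte header and
 * confirm the remaining payload survived the overlapping move intact.
 * Returns the new length (7) on success, -1 if the data was corrupted. */
int demo_strip(void)
{
    unsigned char pkt[16] = "ABCDEFGHIJKLMNO";
    size_t n = strip_header_inplace(pkt, 15, 8);
    return memcmp(pkt, "IJKLMNO", 7) == 0 ? (int)n : -1;
}
```

Feeding the addresses from the valgrind output into ranges_overlap() confirms both reported calls were overlapping copies (8 and 18 bytes apart, for 139 and 133 bytes).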
Comment 2 Rick Farina (Zero_Chaos) gentoo-dev 2013-10-05 18:34:11 UTC
You sir, rule.  Thanks.

ozzie aircrack-ng # svn commit -m "Sergei Trofimovich is my new hero, I find bugs and he knocks them down.  Fix memcpy overlap https://bugs.gentoo.org/show_bug.cgi?id=486984"
Sending        src/airdecap-ng.c
Transmitting file data .
Committed revision 2337.