[erlang-bugs] a crypto function call crashes VM
Michael Santos
michael.santos@REDACTED
Thu Aug 25 19:58:14 CEST 2011
On Thu, Aug 25, 2011 at 06:58:21PM +0200, Erik Søe Sørensen wrote:
> Simpler version:
> crypto:sha_update(list_to_binary(lists:seq(1,96)).
Maybe even simpler:
1> crypto:sha_update(<<0:(95*8), 0>>, "x").
<<0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,
120,...>>
2> crypto:sha_update(<<0:(95*8), 1>>, "x").
Segmentation fault
The crypto NIF is crashing when doing a SHA_update() (crypto.c:502).
Looks like an OpenSSL bug. "1" is set in the num field of the SHA_CTX
struct.
This segfaults too:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>  /* u_char */

#include <openssl/sha.h>

int
main (int argc, char *argv[])
{
    SHA_CTX ctx;
    u_char zero[sizeof(ctx)];
    u_char buf[sizeof(ctx)];

    (void)memset(&ctx, 0, sizeof(ctx));
    (void)memset(zero, 0, sizeof(zero));

    SHA_Init(&ctx);
    /* Overwrite the initialized context, num field included, with 0x01 bytes. */
    (void)memset(&ctx, 1, sizeof (ctx));

    /* The corrupted context is handed straight to OpenSSL. */
    SHA_Update(&ctx, zero, sizeof(zero));
    SHA_Final(buf, &ctx);

    return (0);
}
> Boundary:
> 6> crypto:sha_update(list_to_binary([0 || _ <- lists:seq(1,96)]), "x").
> <<0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,
> 120,...>>
> 7> crypto:sha_update(list_to_binary([1 || _ <- lists:seq(1,96)]), "x").
> Segmentation fault
>
> (Probably part of the binary is interpreted as a pointer, except when NULL.)
>
> ________________________________________
> From: erlang-bugs-bounces@REDACTED [erlang-bugs-bounces@REDACTED] On behalf of Kenji Rikitake [kenji.rikitake@REDACTED]
> Sent: 25 August 2011 18:37
> To: erlang-bugs@REDACTED
> Subject: [erlang-bugs] a crypto function call crashes VM
>
> Enter the following code to erl shell:
>
> crypto:sha_update(
> list_to_binary(lists:reverse(binary_to_list(crypto:sha_init()))), "hello").
>
> A segmentation fault occurs and the VM crashes with a core dump.
>
> This was originally reported at
> https://twitter.com/#!/szktty/status/106761685284564992
> by Tetsuya Suzuki (Twitter: @szktty)
> (Tweet in Japanese but the code is the same as shown here)
>
> Verified on
> R14B03 running on FreeBSD 8.2-RELEASE x86
> and R14B03 running on RHEL v4 x86_64
> for Kyoto University Supercomputer Thin Cluster.
>
> Kenji Rikitake
> _______________________________________________
> erlang-bugs mailing list
> erlang-bugs@REDACTED
> http://erlang.org/mailman/listinfo/erlang-bugs
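An added example, not part of the original thread and not the Erlang/OTP or OpenSSL code: a guard that a wrapper could run on a caller-supplied SHA-1 context binary before passing it to OpenSSL, rejecting the inputs shown above. The struct is a mirror of OpenSSL's SHA_CTX layout written out here so the example builds without OpenSSL; the names sha1_ctx_mirror and sha1_ctx_blob_ok are hypothetical, and the byte positions assume a little-endian host such as the x86 systems in the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SHA1_BLOCK_BYTES 64   /* SHA_CBLOCK in <openssl/sha.h> */

/* Mirror of OpenSSL's SHA_CTX field layout (96 bytes, the size of the
 * binaries in the thread); an assumption made so this builds stand-alone. */
struct sha1_ctx_mirror {
    uint32_t h0, h1, h2, h3, h4;   /* chaining state */
    uint32_t Nl, Nh;               /* message length in bits */
    uint32_t data[16];             /* partially filled input block */
    uint32_t num;                  /* number of bytes buffered in data[] */
};

/* Hypothetical guard: return 1 if the blob has the exact context size and
 * its num field stays inside the block buffer, 0 otherwise. */
int sha1_ctx_blob_ok(const unsigned char *blob, size_t len)
{
    struct sha1_ctx_mirror ctx;

    if (blob == NULL || len != sizeof(ctx))
        return 0;
    /* Copy out first: the blob may not be aligned for uint32_t access. */
    memcpy(&ctx, blob, sizeof(ctx));
    /* The update routine uses num as an offset into data[], so any value
     * of 64 or more points outside the context. */
    return ctx.num < SHA1_BLOCK_BYTES;
}

int main(void)
{
    unsigned char blob[sizeof(struct sha1_ctx_mirror)];
    int zero_ok, one_ok;

    memset(blob, 0, sizeof(blob));      /* constructed: <<0:(96*8)>> */
    zero_ok = sha1_ctx_blob_ok(blob, sizeof(blob));
    blob[sizeof(blob) - 1] = 1;         /* constructed: <<0:(95*8), 1>> */
    one_ok = sha1_ctx_blob_ok(blob, sizeof(blob));
    return (zero_ok == 1 && one_ok == 0) ? 0 : 1;
}
```

The check only covers the field that drives the out-of-bounds access; it does not make a caller-supplied context trustworthy in any other respect.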