Subject: Re: A bunch of memory allocation bugs in CGD
To: ALeine <>
From: Roland Dowdeswell <>
List: tech-security
Date: 03/30/2005 10:59:47
On 1112190917 seconds since the Beginning of the UNIX epoch
"ALeine" wrote:

>I took a quick look at the latest NetBSD CGD code and found
>out that out of 19 memory allocation operations 11 (almost 60%)
>are done in a way that could lead to a segmentation violation
>which would leave behind a core dump full of sensitive
>information that could be used to compromise a CGD encrypted
>disk. While this attack is not very practical since it requires
>the attacker to be able to cause resource starvation at a
>specific time when cgdconfig is used, it is still possible.
>Here are the details...

Thanks for having a look at that.  I have checked in a fix.

I presume that you have addressed the cases in GBDE where malloc's
return code has not been checked?  If so, perhaps cvsweb is a little
behind.  It looks to me like 2 or 4 mallocs can use a buffer without
checking the return code.

I am not convinced that you'd be able to exploit these in either
CGD or GBDE because {Net,Free}BSD use an overcommit strategy for
memory allocation, so it is unlikely that the process will be denied
memory.  It will just get killed without a core dump when it tries
to instantiate memory that does not exist.

All that said, I've fixed the problem and will be submitting a
pullup request for the next NetBSD release.

    Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/