NetBSD-Bugs archive


Re: bin/52986: netpgpverify broken on sparc64



The following reply was made to PR bin/52986; it has been noted by GNATS.

From: Martin Husemann <martin%netbsd.org@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: bin/52986: netpgpverify broken on sparc64
Date: Sun, 11 Feb 2018 15:35:50 +0000

 Something overwrites memory where it shouldn't:
 
 Setting a breakpoint on match_sig, and then on get_ref,
 shows two hits to get_ref, both with the same "ref" argument,
 but with memory changing between the two calls (one for the binary signature,
 a second try for ASCII armored):
 
 first get_ref:
 
 (gdb) p *ref
 $22 = {vp = 0x40802060, offset = 2, mem = 3}
 (gdb) p *pgp
 $23 = {pktsc = 10, pktsvsize = 5000, pktss = 0x40900000, primariesc = 1,
   primariesvsize = 10, primariess = 0x4080c000, areasc = 4, areasvsize = 10,
   areass = 0x40804060, datastartsc = 1, datastartsvsize = 10,
   datastartss = 0x4080a250, signaturesc = 2, signaturesvsize = 10,
   signaturess = 0x4081e800, signed_useridsc = 1, signed_useridsvsize = 10,
   signed_useridss = 0x40804240, signed_userattrsc = 0,
   signed_userattrsvsize = 0, signed_userattrss = 0x0, signed_subkeysc = 1,
   signed_subkeysvsize = 10, signed_subkeyss = 0x40827000, subpktsc = 12,
   subpktsvsize = 30, subpktss = 0x40816400, pkt = 10,
   op = 0x149110 "signature", ssh = 0}
 (gdb) p *mem
 $24 = {size = 96, cc = 96, mem = 0xffffffffffffad08 "\210^\004\001\021\b",
   fp = 0x0, dealloc = 0 '\000', allowed = 0x1492b0 "\002\004\b\v"}
 
 Here mem->mem is OK and we extract the proper hashalg a few bytes into that.
 But on the second call:
 
 second get_ref:
 $25 = {vp = 0x40802060, offset = 2, mem = 3}
 (gdb) p *pgp
 $26 = {pktsc = 10, pktsvsize = 5000, pktss = 0x40900000, primariesc = 1,
   primariesvsize = 10, primariess = 0x4080c000, areasc = 4, areasvsize = 10,
   areass = 0x40804060, datastartsc = 1, datastartsvsize = 10,
   datastartss = 0x4080a250, signaturesc = 2, signaturesvsize = 10,
   signaturess = 0x4081e800, signed_useridsc = 1, signed_useridsvsize = 10,
   signed_useridss = 0x40804240, signed_userattrsc = 0,
   signed_userattrsvsize = 0, signed_userattrss = 0x0, signed_subkeysc = 1,
   signed_subkeysvsize = 10, signed_subkeyss = 0x40827000, subpktsc = 12,
   subpktsvsize = 30, subpktss = 0x40816400, pkt = 10,
   op = 0x149110 "signature", ssh = 0}
 (gdb) p *mem
 $27 = {size = 96, cc = 96, mem = 0xffffffffffffad08 "", fp = 0x0,
   dealloc = 0 '\000', allowed = 0x1492b0 "\002\004\b\v"}
 
 and we get hashalg == 0.
 
 Martin
 
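The following is an added illustration, not code from the PR or from netpgpverify, of why "hashalg == 0" is a reliable corruption signal here. My reading of the six bytes gdb printed on the first call (0x88 0x5e 0x04 0x01 0x11 0x08) is an RFC 4880 old-format signature packet header: tag 2 with a one-octet length of 94 (matching size = 96 with the two header bytes), then version 4, signature type 1, public-key algorithm 17 and hash algorithm 8; on the second call gdb shows the same buffer starting with a zero byte. The struct layout, the use of cc as the byte count, and the sample buffers are assumptions made for this example; the parser rejects a buffer whose header no longer decodes, and the fingerprint lets a caller notice that the bytes behind a ref changed between two calls, which is what the breakpoints above showed by hand.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical mirror of the fields visible in the gdb dump; not the
 * project's own definition. Only size, cc and mem are used here. */
struct sig_mem {
    size_t size;
    size_t cc;          /* assumption: number of valid bytes in mem */
    const uint8_t *mem;
};

struct sig_header {
    unsigned version, sigtype, pubkeyalg, hashalg;
};

/* Decode an RFC 4880 old-format signature packet header (tag 2, one-octet
 * length) followed by the four fixed v4 fields. Returns 0 on success and
 * -1 if the bytes do not decode as a v4 signature or hashalg is 0. */
int parse_sig_header(const struct sig_mem *m, struct sig_header *out)
{
    if (m->cc < 6)
        return -1;
    uint8_t ctb = m->mem[0];
    /* old-format CTB: bit 7 set, bit 6 clear, tag in bits 5..2,
     * length type in bits 1..0 (0 = one-octet length) */
    if ((ctb & 0xc0) != 0x80 || ((ctb >> 2) & 0x0f) != 2 || (ctb & 0x03) != 0)
        return -1;
    size_t body_len = m->mem[1];
    if (body_len + 2 != m->cc)          /* header + body must fill the buffer */
        return -1;
    out->version   = m->mem[2];
    out->sigtype   = m->mem[3];
    out->pubkeyalg = m->mem[4];
    out->hashalg   = m->mem[5];
    if (out->version != 4 || out->hashalg == 0)
        return -1;
    return 0;
}

/* FNV-1a over the buffer, so a caller can detect that the memory behind a
 * ref was modified between two calls instead of discovering it later as a
 * bogus hashalg. */
uint64_t mem_fingerprint(const struct sig_mem *m)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < m->cc; i++) {
        h ^= m->mem[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Constructed sample: the six leading bytes from the first gdb dump,
 * zero-padded to the 96-byte size shown there. */
static const uint8_t sample_first[96] = {0x88, 0x5e, 0x04, 0x01, 0x11, 0x08};
/* Constructed sample: the same buffer after being overwritten with zeros,
 * which is how the second dump ("") reads. */
static const uint8_t sample_second[96] = {0};

static const struct sig_mem first_ref  = {96, 96, sample_first};
static const struct sig_mem second_ref = {96, 96, sample_second};

/* hashalg decoded from the intact buffer, or -1 if it does not parse */
int demo_first_hashalg(void)
{
    struct sig_header h;
    return parse_sig_header(&first_ref, &h) == 0 ? (int)h.hashalg : -1;
}

/* parse status for the overwritten buffer */
int demo_second_status(void)
{
    struct sig_header h;
    return parse_sig_header(&second_ref, &h);
}

/* 1 if the fingerprint taken at the first call no longer matches */
int demo_buffer_changed(void)
{
    return mem_fingerprint(&first_ref) != mem_fingerprint(&second_ref);
}

int main(void)
{
    printf("first call: hashalg = %d\n", demo_first_hashalg());
    printf("second call: parse status = %d, buffer changed = %d\n",
           demo_second_status(), demo_buffer_changed());
    return 0;
}
```

Rejecting the header when the length byte disagrees with the buffer size, rather than only checking hashalg, means a partially clobbered buffer is caught even when the hash-algorithm byte happens to survive.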

