Your message dated Thu, 06 Jul 2017 16:51:07 +0000
with message-id <[email protected]>
and subject line Bug#866964: fixed in libgcrypt20 1.7.8-2
has caused the Debian Bug report #866964,
regarding libgcrypt20: mpi_set_secure leads to heap corruption
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
866964: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866964
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libgcrypt20
Version: 1.7.6-2+deb9u1
Severity: normal
Tags: patch

The function `mpi_set_secure' is used by `gcry_mpi_set_flag' to convert
an integer so as to use `secure' (i.e., locked, non-swappable) memory.
It's broken.

The code in 1.7.8 (sid) is the same, so that's broken too.
    
The code allocates enough secure memory for the active limbs, copies
them from the existing buffer, and stores a pointer to the new buffer --
all without reducing the separate count of the number of allocated
limbs.  In particular, when the securified integer is freed,
`_gcry_mpi_free' calls `_gcry_mpi_free_limb_space' to release the limb
buffer, giving it the allocated size, and the latter attempts to zeroize
the storage, leading to a heap corruption.

The patch fixes the problem.  I've not thought deeply about the
performance effects: maybe it'd be better to allocate the same total
limb buffer rather than just the active size, but this patch is simple
and obviously right.

diff --git a/mpi/mpiutil.c b/mpi/mpiutil.c
index 6dee0b9..2a32d26 100644
--- a/mpi/mpiutil.c
+++ b/mpi/mpiutil.c
@@ -260,6 +260,7 @@ mpi_set_secure( gcry_mpi_t a )
   MPN_COPY( bp, ap, a->nlimbs );
   a->d = bp;
   _gcry_mpi_free_limb_space (ap, a->alloced);
+  a->alloced = a->nlimbs;
 }
 
 

-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (i686)
Foreign Architectures: amd64

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), 
LANGUAGE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libgcrypt20 depends on:
ii  libc6          2.24-11+deb9u1
ii  libgpg-error0  1.26-2

libgcrypt20 recommends no packages.

Versions of packages libgcrypt20 suggests:
pn  rng-tools  <none>

-- no debconf information

--- End Message ---
--- Begin Message ---
Source: libgcrypt20
Source-Version: 1.7.8-2

We believe that the bug you reported is fixed in the latest version of
libgcrypt20, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <[email protected]> (supplier of updated libgcrypt20 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 06 Jul 2017 18:16:23 +0200
Source: libgcrypt20
Binary: libgcrypt20-doc libgcrypt20-dev libgcrypt20 libgcrypt20-udeb 
libgcrypt11-dev libgcrypt-mingw-w64-dev
Architecture: source
Version: 1.7.8-2
Distribution: unstable
Urgency: medium
Maintainer: Debian GnuTLS Maintainers <[email protected]>
Changed-By: Andreas Metzler <[email protected]>
Closes: 866964
Description: 
 libgcrypt11-dev - transitional libgcrypt11-dev package
 libgcrypt20-dev - LGPL Crypto library - development files
 libgcrypt20-doc - LGPL Crypto library - documentation
 libgcrypt20 - LGPL Crypto library - runtime library
 libgcrypt20-udeb - LGPL Crypto library - runtime library (udeb)
 libgcrypt-mingw-w64-dev - LGPL Crypto library - Windows development
Changes:
 libgcrypt20 (1.7.8-2) unstable; urgency=medium
 .
   * 30_mpi-Fix-mpi_set_secure.patch from upstream LIBGCRYPT-1-7-BRANCH: Fix
     memory allocation in mpi_set_secure. Closes: #866964
   * Drop override_dh_strip from debian/rules.
Checksums-Sha1: 
 1749fd19a1841cd01e53759536b32cf26f54d8eb 2914 libgcrypt20_1.7.8-2.dsc
 5c56cf8138f3e521d3bb85bb74a2b431d13293af 26620 
libgcrypt20_1.7.8-2.debian.tar.xz
Checksums-Sha256: 
 50756aa88fe20558993c3d73e1f611e28ec78daab7b4e61a0ac0efdbd3da910d 2914 
libgcrypt20_1.7.8-2.dsc
 7ddf57bcb8a1eb78d89af15dc138e4016ebca49ea8b78049ea4c71a8bb4cd31b 26620 
libgcrypt20_1.7.8-2.debian.tar.xz
Files: 
 5d6f2f05d4efcc81612dd3052872f94d 2914 libs optional libgcrypt20_1.7.8-2.dsc
 8a719bfb2a297943a7f338f1cea212fe 26620 libs optional 
libgcrypt20_1.7.8-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAlleZV0ACgkQpU8BhUOC
FITY0w//TEOok2+lwfHfEV5KiSQJz6aVahEWj/nwn5+nBJx1+7uaFw2NA45xIvXx
bs8PeOq5En/TBPXpMkLJQddq6NSP51mfqPqr5JmO3EykVRutiFXvftgv9gzWXF86
5UaA2pq4HH0ouBVO/MR6Oz+nM0dyY/z8N91S4wg+bg8hdABMeLDaAYeRtgiqBcdC
q05mcmM3TfpqdtYPnEZIJWa/jIGbT74uDOVfEAo09ZGTyRbBi3HDljEoTvCtfgKm
X+KGgsN0y1nztnhO3eVzwHwJ3PSceTHKRZyzRaaOS8WPf3WUBOWx3Cb27VbfJUQw
kSN8MWWggic+hDUAnT5MGnVrrdESQATErYwG+ZFj8Cdc5WduKtkY/0c4NkjvndBj
d+kHhX9cgelh/eLNRNZINdqIslR66FiIgGAfsPMiHLlEZVzwpLcPj0R3tBfiZIz6
iF8EJmuRLhAicuyKKf/1xCRcdzjM3p4cx4bktqFLP8ACmsFOUZ+YJOaPZh/8Lu2y
IldVI0sy95BeTQPV5nQVygJNt9vtRHXILuZKtmA8/ILnda47nu2NQEJBFrVgzLeI
5GT2Ujp+MoMLmYE9YAcxYOK57AYQ4Rbx/tn0yCHyYKue1TYnnvesB4HFy0oVOmYq
xjylzMOVDz9dfQgHbe75elRD/rIRcazSwEbH8ZgA2tFMsj4Arms=
=yMQB
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to