Package: libssl0.9.6 Version: 0.9.6a-3 Severity: grave Hi, I found a bug in openssl that allows me to segfault an application using it by giving it an invalid RSA key. This probably causes a security hole in applications (such as Tunnel Vision) using the library, since they must accept keys from the outside world in order to form connections. The sample code below segfaults if linked with electric fence; the segfault goes away if a larger buffer is allocated (say 2048 bytes) -- this implies that the d2i_RSAPrivateKey routine is reading past the end of the buffer. MY_KEY is part of a valid RSA private key that I'm using for testing (ie. I don't care who obtains/uses this particular key). Compile like this: gcc -o killssl killssl.c -lcrypto -lefence && ./killssl (killssl.c follows my signature) Have fun, Avery -- System Information Debian Release: testing/unstable Kernel Version: Linux insight 2.4.5 #4 mer jun 6 19:48:40 EDT 2001 i586 unknown Versions of the packages libssl0.9.6 depends on: ii libc6 2.2.3-1 GNU C Library: Shared libraries and Timezone ii libssl0.9.6 0.9.6a-3 SSL shared libraries #include <assert.h> #include <openssl/rsa.h> #include <string.h> #define MY_KEY "3082025d02010002818100eadddbb732306fe715ddc6046af391d950934910e67ce187f228cfb3579f2903eba1cb55c8e526937e28cb551498a4926b549ddaad2babd089ed579f0fc2826d6da0951247fdacc3763b160e75a278656b67d299ecee004e63e54ae208b8771fd3118dcdcd7963a5bf2789f2ef4b3b340575375e0c401a78c94408e360f7019d020103028181009c93e7cf76caf544b93e8402f1f7b690e06230b5eefdebaff6c5dfcce514c6029d16878e85ee19b7a970878e0dbb18619ce313e71e1d1d35b148e514b52c56f2577a02174dd6f966951ea69f627f5994e9853a5a35287ce05b0af3f8a690f6f81ba6400305fc6d44ae70c7ea63f419d4f3d937959f8dba7f4e840cc3f66e8c53024100f5ac56bbca54364a74b01e0ca300ba7656a91cf62b36307b2a32f97c662b325d462bb6e7617e8a9219000d746932e82bf3a9b5f908ea40b165c6a2af1b277633024100f4bd3b3388e7005f21dcfe12bee2b78fb676de1c71fb1482b121e370a8b3d24e636c76e1e300352ca07e509ef02a2c48a405ae04940142086db7530e5429b8ef024100a3c839d286e2cedc4dcabeb31755d1a439c6134ec77975a7717750fd99722193841d249a40ff070c10aab3a2f0cc9ac7f7c67950b09c2b20ee846c74bcc4f977024100a328d2225b44aaea1! 693540c7f41cfb5244f3ebda1520dac" // convert a string of hex digits to a binary array. // eg: unhexify(foo, "41424344") sets foo to "ABCD". void unhexify(unsigned char *obuf, const char *ibuf) { char lookup[] = "0123456789abcdef", *c, *c2; assert(!(strlen(ibuf) %1)); // must be even number of bytes while (*ibuf != 0) { c = strchr(lookup, *ibuf); c2 = strchr(lookup, *(ibuf+1)); assert(c); assert(c2); *obuf++ = ((c - lookup) << 4) | (c2 - lookup); ibuf += 2; } } int main() { const char *keystr = MY_KEY; RSA *rp; int hexbytes = strlen(keystr); int bufsize = hexbytes/2; // causes crash // int bufsize = 2048; // no crash unsigned char *keybuf = malloc(bufsize); unhexify(keybuf, keystr); rp = RSA_new(); d2i_RSAPrivateKey(&rp, &keybuf, hexbytes/2); // CRASH! fprintf(stderr, "I didn't crash.\n"); } ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
