Thanks for the patches, they were merged.

-Ning

-----Original Message-----
From: Matthias Gerstner [mailto:mgerst...@suse.de]
Sent: Friday, March 09, 2018 2:45 AM
To: tboot-devel@lists.sourceforge.net
Subject: [tboot-devel] Memory corruption in OpenSSL related code

Hello list,

I am the maintainer of the tboot package in SUSE distributions. One of our customers reported issues with the lcp2_crtpollist command:

```
sles15beta7:~/tpm2.0 # lcp2_crtpollist --sign --nosig --pub txt-pub.pem --out signed.lst
*** Error in `lcp2_crtpollist': free(): invalid pointer: 0x000056515bf33ff0 ***
Aborted (core dumped)
```

The customer also pointed me to a possible fix:

http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=09fae64a7515

While trying to integrate this patch it turned out that it does not really fix the issue. There is still memory corruption and `valgrind` shows a lot of invalid reads and writes.

As far as I can see, both the code for OpenSSL < 1.1.0 and the code for OpenSSL >= 1.1.0 are not working correctly at the moment. There seems to have been a misunderstanding of how the OpenSSL APIs work.

Please find attached two patches that I have worked on that should fix the issues. The first patch is unrelated to OpenSSL but fixes a memory leak with fopen()/fclose().

I have tested these patches only for the following codepath:

```
lcp2_crtpollist --verbose --sign --nosig --pub /root/tboot/pubkey.pem --out /root/tboot/list_unsig.lst
```

After applying my patches both OpenSSL 1.0.x and OpenSSL 1.1.x versions worked without any memory corruptions and no memory leaks remained.

Best regards

Matthias

--
Matthias Gerstner <matthias.gerst...@suse.de>
Dipl.-Wirtsch.-Inf. (FH), Security Engineer
https://www.suse.com/security
Telefon: +49 911 740 53 290
GPG Key ID: 0x14C405C971923553

SUSE Linux GmbH
GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nuernberg)