Invalid read reported by valgrind in call to gcry_kdf_derive

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Invalid read reported by valgrind in call to gcry_kdf_derive

GnuPG - Libgcrypt - Dev mailing list
Tested on the latest repository checkout.

==17149== Invalid read of size 32
==17149==    at 0x525B90: ??? (sha256-avx2-bmi2-amd64.S:307)
==17149==    by 0x4F7777: _gcry_md_block_write (hash-common.c:176)
==17149==    by 0x480B8F: _gcry_sha256_hash_buffer (sha256.c:639)
==17149==    by 0x45B412: prepare_macpads (md.c:962)
==17149==    by 0x45B412: _gcry_md_setkey (md.c:1034)
==17149==    by 0x456C09: _gcry_kdf_pkdf2 (kdf.c:185)
==17149==    by 0x477DB7: _gcry_kdf_scrypt (scrypt.c:306)
==17149==    by 0x429362: gcry_kdf_derive (visibility.c:1312)
==17149==    by 0x42497A: main (libgcrypt_scrypt_oob_read.c:23)
==17149==  Address 0x6025300 is 6 bytes after a block of size 90 alloc'd
==17149==    at 0x4C31B0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17149==    by 0x4248DB: main (libgcrypt_scrypt_oob_read.c:15)

Found by Cryptofuzz running on OSS-Fuzz.

_______________________________________________
Gcrypt-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel

libgcrypt_scrypt_oob_read.c (1K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Invalid read reported by valgrind in call to gcry_kdf_derive

Jussi Kivilinna-2
Hello,

On 3.2.2021 15.09, Guido Vranken via Gcrypt-devel wrote:

> Tested on the latest repository checkout.
>
> ==17149== Invalid read of size 32
> ==17149==    at 0x525B90: ??? (sha256-avx2-bmi2-amd64.S:307)
> ==17149==    by 0x4F7777: _gcry_md_block_write (hash-common.c:176)
> ==17149==    by 0x480B8F: _gcry_sha256_hash_buffer (sha256.c:639)
> ==17149==    by 0x45B412: prepare_macpads (md.c:962)
> ==17149==    by 0x45B412: _gcry_md_setkey (md.c:1034)
> ==17149==    by 0x456C09: _gcry_kdf_pkdf2 (kdf.c:185)
> ==17149==    by 0x477DB7: _gcry_kdf_scrypt (scrypt.c:306)
> ==17149==    by 0x429362: gcry_kdf_derive (visibility.c:1312)
> ==17149==    by 0x42497A: main (libgcrypt_scrypt_oob_read.c:23)
> ==17149==  Address 0x6025300 is 6 bytes after a block of size 90 alloc'd
> ==17149==    at 0x4C31B0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==17149==    by 0x4248DB: main (libgcrypt_scrypt_oob_read.c:15)
>
> Found by Cryptofuzz running on OSS-Fuzz.
>

Thanks for reporting. I'll be posting patch to mailing-list soon.

-Jussi

_______________________________________________
Gcrypt-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel