libgcrypt11 1.5.0 version segfaults with NSS/PAM LDAP (AES-NI)

Andreas Metzler ametzler at downhill.at.eu.org
Sun Oct 9 16:23:14 CEST 2011 

Hello,
this is http://bugs.debian.org/643336 reported by Marc Dequènes, the
crash was not easily reproducible with gnutls-cli. The respective
system features AES-NI support.

cu andreas

--------------------------------------------
Package: libgcrypt11
Version: 1.5.0-3
Severity: important


Coin,

I'm using:
  - libgnutls26  2.12.10-2
  - libldap-2.4-2  2.4.25-3
  - libnss-ldap  264-2.2

After an upgrade a mere "id <user>" lead to the following segfault:
#0  0xb72011cd in do_aesni_enc_aligned (
    a=0xb723a1b8 "\001K\257\"x\246\235\063\035Q\200\020\066C\351\232gC\303\321Q\232\264\362͚x\253\t\245\021\275]\036\362\r\316ּ\274\022\023\032\307\305G\210\252\b\016\225\027\353\026wq\232\317r\200\206\004",
<incomplete sequence \343>, b=0xbfb28ad8
"(\335%\267p\213\262\277\004{\343\t", ctx=0xbfb288e8) at
rijndael.c:710
#1  do_aesni (ctx=0xbfb288e8, decrypt_flag=0, bx=0xbfb28ad8
"(\335%\267p\213\262\277\004{\343\t",
    ax=0xb723a1b8 "\001K\257\"x\246\235\063\035Q\200\020\066C\351\232gC\303\321Q\232\264\362͚x\253\t\245\021\275]\036\362\r\316ּ\274\022\023\032\307\305G\210\252\b\016\225\027\353\026wq\232\317r\200\206\004",
<incomplete sequence \343>) at rijndael.c:1132
#2  0xb72014c6 in rijndael_encrypt (context=0xbfb288e8, b=0xbfb28ad8
"(\335%\267p\213\262\277\004{\343\t",
    a=0xb723a1b8 "\001K\257\"x\246\235\063\035Q\200\020\066C\351\232gC\303\321Q\232\264\362͚x\253\t\245\021\275]\036\362\r\316ּ\274\022\023\032\307\305G\210\252\b\016\225\027\353\026wq\232\317r\200\206\004",
<incomplete sequence \343>) at rijndael.c:1155
#3  0xb7201aa8 in selftest_basic_128 () at rijndael.c:1660
#4  0xb7201657 in selftest () at rijndael.c:1749
#5  do_setkey (keylen=16, key=0x9ff3fa8
"\035\224<n\372KWy1\355\344y\260\332\064\031\030", ctx=0xa001e90)
    at rijndael.c:209
#6  rijndael_setkey (context=0xa001e90, key=0x9ff3fa8
"\035\224<n\372KWy1\355\344y\260\332\064\031\030",
    keylen=16) at rijndael.c:444
#7  0xb71e5ae7 in cipher_setkey (c=0xa001e10, key=<optimized out>,
keylen=16) at cipher.c:896
#8  0xb71dbe04 in gcry_cipher_setkey (hd=0xa001e10, key=0x9ff3fa8,
keylen=16) at visibility.c:521
#9  0xb72faceb in wrap_gcry_cipher_setkey (ctx=0xa001e10,
key=0x9ff3fa8, keysize=16) at cipher.c:115
#10 0xb727ea92 in _gnutls_cipher_init (handle=0x9ff485c,
cipher=GNUTLS_CIPHER_AES_128_CBC, key=0x9ff4854,
    iv=0x9ff484c) at gnutls_cipher_int.c:71
#11 0xb7289d05 in _gnutls_init_record_state (read=1, state=0x9ff4844,
params=<optimized out>)
    at gnutls_constate.c:299
#12 0xb728a2c1 in _gnutls_epoch_set_keys (session=0x9ff70c0, epoch=1)
at gnutls_constate.c:431
#13 0xb728a997 in _gnutls_write_connection_state_init
(session=0x9ff70c0) at gnutls_constate.c:602
#14 0xb7272fdd in _gnutls_send_handshake_final (session=0x9ff70c0,
init=1) at gnutls_handshake.c:2888
#15 0xb72765e0 in _gnutls_handshake_common (session=0x9ff70c0) at
gnutls_handshake.c:3121
#16 0xb7277fad in gnutls_handshake (session=0x9ff70c0) at
gnutls_handshake.c:2690
#17 0xb74bfdac in tlsg_session_accept (session=0x9ff70a8) at tls_g.c:472
#18 0xb74bcd39 in ldap_int_tls_connect (ld=0x9e3ca30, conn=<optimized
out>) at tls2.c:358
#19 0xb74bd917 in ldap_int_tls_start (ld=0x9e3ca30, conn=0x9e3c980,
srv=0x0) at tls2.c:825
#20 0xb74bdc79 in ldap_install_tls (ld=0x9e3ca30) at tls2.c:897
#21 0xb74dbc1d in ?? () from /lib/libnss_ldap.so.2
#22 0xb74dc251 in ?? () from /lib/libnss_ldap.so.2
#23 0xb74dcaa5 in ?? () from /lib/libnss_ldap.so.2
#24 0xb74dcdf1 in ?? () from /lib/libnss_ldap.so.2
#25 0xb74dd570 in _nss_ldap_getpwnam_r () from /lib/libnss_ldap.so.2
#26 0xb773e495 in getpwnam_r () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
#27 0xb773deff in getpwnam () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
#28 0x08049594 in ?? ()
#29 0xb76bee46 in __libc_start_main () from
/lib/i386-linux-gnu/i686/cmov/libc.so.6
#30 0x08049b49 in ?? ()
Backtrace stopped: Not enough registers or memory available to unwind further

Reverting to 1.4.6-9 fixed the problem.

Regards.


-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 3.0.0-1-686-pae (SMP w/8 CPU cores)
--------------------------------------------

More information about the Gcrypt-devel mailing list