Invalid read reported by valgrind in call to gcry_kdf_derive

Guido Vranken guidovranken at gmail.com
Wed Feb 3 14:09:11 CET 2021


Tested on the latest repository checkout.

==17149== Invalid read of size 32
==17149==    at 0x525B90: ??? (sha256-avx2-bmi2-amd64.S:307)
==17149==    by 0x4F7777: _gcry_md_block_write (hash-common.c:176)
==17149==    by 0x480B8F: _gcry_sha256_hash_buffer (sha256.c:639)
==17149==    by 0x45B412: prepare_macpads (md.c:962)
==17149==    by 0x45B412: _gcry_md_setkey (md.c:1034)
==17149==    by 0x456C09: _gcry_kdf_pkdf2 (kdf.c:185)
==17149==    by 0x477DB7: _gcry_kdf_scrypt (scrypt.c:306)
==17149==    by 0x429362: gcry_kdf_derive (visibility.c:1312)
==17149==    by 0x42497A: main (libgcrypt_scrypt_oob_read.c:23)
==17149==  Address 0x6025300 is 6 bytes after a block of size 90 alloc'd
==17149==    at 0x4C31B0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17149==    by 0x4248DB: main (libgcrypt_scrypt_oob_read.c:15)

Found by Cryptofuzz running on OSS-Fuzz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libgcrypt_scrypt_oob_read.c
Type: text/x-csrc
Size: 1340 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gcrypt-devel/attachments/20210203/6aa02b45/attachment.c>