svn commit: r296465 - in releng/9.3: . crypto/openssl crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf cry...

Dimitry Andric dim at FreeBSD.org
Wed Mar 9 20:40:08 UTC 2016 

On 09 Mar 2016, at 10:16, Xin Li <delphij at delphij.net> wrote:
> 
> FYI -- I can confirm that libcrypto is broken and have a reliable way to
> trigger it.
> 
> So far I was able to narrow down this to this change and here is a
> temporary workaround (which will reintroduce CVE-2016-0702).
> 
> Cheers,
> <bn-revert.diff>

FWIW, before the workaround I get this from valgrind:

==10050== Invalid read of size 8
==10050==    at 0x6BA3438: MOD_EXP_CTIME_COPY_FROM_PREBUF (bn_exp.c:585)
==10050==    by 0x6BA3438: BN_mod_exp_mont_consttime (bn_exp.c:760)
==10050==    by 0x6B84AB7: ??? (dh_key.c:156)
==10050==    by 0x4E4550B: ssh_dh_gen_key (in /usr/lib/private/libssh.so.5)
==10050==    by 0x42AEBF: kexgex_server (kexgexs.c:115)
==10050==    by 0x4E545FE: ssh_kex_input_kexinit (in /usr/lib/private/libssh.so.5)
==10050==    by 0x4E54BBE: ssh_dispatch_run (in /usr/lib/private/libssh.so.5)
==10050==    by 0x41085C: do_ssh2_kex (sshd.c:2559)
==10050==    by 0x41085C: main (sshd.c:2162)
==10050==  Address 0x2078f3580 is not stack'd, malloc'd or (recently) free'd
==10050==
==10050==
==10050== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==10050==  Access not within mapped region at address 0x2078F3580
==10050==    at 0x6BA3438: MOD_EXP_CTIME_COPY_FROM_PREBUF (bn_exp.c:585)
==10050==    by 0x6BA3438: BN_mod_exp_mont_consttime (bn_exp.c:760)
==10050==    by 0x6B84AB7: ??? (dh_key.c:156)
==10050==    by 0x4E4550B: ssh_dh_gen_key (in /usr/lib/private/libssh.so.5)
==10050==    by 0x42AEBF: kexgex_server (kexgexs.c:115)
==10050==    by 0x4E545FE: ssh_kex_input_kexinit (in /usr/lib/private/libssh.so.5)
==10050==    by 0x4E54BBE: ssh_dispatch_run (in /usr/lib/private/libssh.so.5)
==10050==    by 0x41085C: do_ssh2_kex (sshd.c:2559)
==10050==    by 0x41085C: main (sshd.c:2162)
==10050==  If you believe this happened as a result of a stack
==10050==  overflow in your program's main thread (unlikely but
==10050==  possible), you can try to increase the size of the
==10050==  main thread stack using the --main-stacksize= flag.
==10050==  The main thread stack size used in this run was 16777216.

-Dimitry

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 194 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freebsd.org/pipermail/svn-src-all/attachments/20160309/59874114/attachment.sig>

More information about the svn-src-all mailing list