rpms / gnutls

Clone
Source Code
GIT

Blame SOURCES/gnutls-3.6.14-fix-iovec-memory-leak.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   e9c22bca0b49c29655c14397627428b26fa382f1
  2.   SOURCES
  3.   gnutls-3.6.14-fix-iovec-memory-leak.patch
Blob History Raw
e9c22b 
From 6fbff7fc8aabeee2254405f254220bbe8c05c67d Mon Sep 17 00:00:00 2001
e9c22b 
From: Daiki Ueno <ueno@gnu.org>
e9c22b 
Date: Fri, 5 Jun 2020 16:26:33 +0200
e9c22b 
Subject: [PATCH] crypto-api: always allocate memory when serializing iovec_t
e9c22b
e9c22b 
The AEAD iov interface falls back to serializing the input buffers if
e9c22b 
the low-level cipher doesn't support scatter/gather encryption.
e9c22b 
However, there was a bug in the functions used for the serialization,
e9c22b 
which causes memory leaks under a certain condition (i.e. the number
e9c22b 
of input buffers is 1).
e9c22b
e9c22b 
This patch makes the logic of the functions simpler, by removing a
e9c22b 
micro-optimization that tries to minimize the number of calls to
e9c22b 
malloc/free.
e9c22b
e9c22b 
The original problem was reported by Marius Steffen in:
e9c22b 
https://bugzilla.samba.org/show_bug.cgi?id=14399
e9c22b 
and the cause was investigated by Alexander Haase in:
e9c22b 
https://gitlab.com/gnutls/gnutls/-/merge_requests/1277
e9c22b
e9c22b 
Signed-off-by: Daiki Ueno <ueno@gnu.org>
e9c22b 
---
e9c22b 
 lib/crypto-api.c        | 36 +++++++++++-------------------------
e9c22b 
 tests/aead-cipher-vec.c | 33 ++++++++++++++++++---------------
e9c22b 
 2 files changed, 29 insertions(+), 40 deletions(-)
e9c22b
e9c22b 
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
e9c22b 
index 45be64ed1..8524f5ed4 100644
e9c22b 
--- a/lib/crypto-api.c
e9c22b 
+++ b/lib/crypto-api.c
e9c22b 
@@ -891,32 +891,23 @@ gnutls_aead_cipher_encrypt(gnutls_aead_cipher_hd_t handle,
e9c22b 
 struct iov_store_st {
e9c22b 
 	void *data;
e9c22b 
 	size_t size;
e9c22b 
-	unsigned allocated;
e9c22b 
 };
e9c22b
e9c22b 
 static void iov_store_free(struct iov_store_st *s)
e9c22b 
 {
e9c22b 
-	if (s->allocated) {
e9c22b 
-		gnutls_free(s->data);
e9c22b 
-		s->allocated = 0;
e9c22b 
-	}
e9c22b 
+	gnutls_free(s->data);
e9c22b 
 }
e9c22b
e9c22b 
 static int iov_store_grow(struct iov_store_st *s, size_t length)
e9c22b 
 {
e9c22b 
-	if (s->allocated || s->data == NULL) {
e9c22b 
-		s->size += length;
e9c22b 
-		s->data = gnutls_realloc(s->data, s->size);
e9c22b 
-		if (s->data == NULL)
e9c22b 
-			return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
e9c22b 
-		s->allocated = 1;
e9c22b 
-	} else {
e9c22b 
-		void *data = s->data;
e9c22b 
-		size_t size = s->size + length;
e9c22b 
-		s->data = gnutls_malloc(size);
e9c22b 
-		memcpy(s->data, data, s->size);
e9c22b 
-		s->size += length;
e9c22b 
-	}
e9c22b 
+	void *data;
e9c22b 
+
e9c22b 
+	s->size += length;
e9c22b 
+	data = gnutls_realloc(s->data, s->size);
e9c22b 
+	if (data == NULL)
e9c22b 
+		return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
e9c22b 
+
e9c22b 
+	s->data = data;
e9c22b 
 	return 0;
e9c22b 
 }
e9c22b
e9c22b 
@@ -926,11 +917,6 @@ copy_from_iov(struct iov_store_st *dst, const giovec_t *iov, int iovcnt)
e9c22b 
 	memset(dst, 0, sizeof(*dst));
e9c22b 
 	if (iovcnt == 0) {
e9c22b 
 		return 0;
e9c22b 
-	} else if (iovcnt == 1) {
e9c22b 
-		dst->data = iov[0].iov_base;
e9c22b 
-		dst->size = iov[0].iov_len;
e9c22b 
-		/* implies: dst->allocated = 0; */
e9c22b 
-		return 0;
e9c22b 
 	} else {
e9c22b 
 		int i;
e9c22b 
 		uint8_t *p;
e9c22b 
@@ -944,11 +930,11 @@ copy_from_iov(struct iov_store_st *dst, const giovec_t *iov, int iovcnt)
e9c22b
e9c22b 
 		p = dst->data;
e9c22b 
 		for (i=0;i
e9c22b 
-			memcpy(p, iov[i].iov_base, iov[i].iov_len);
e9c22b 
+			if (iov[i].iov_len > 0)
e9c22b 
+				memcpy(p, iov[i].iov_base, iov[i].iov_len);
e9c22b 
 			p += iov[i].iov_len;
e9c22b 
 		}
e9c22b
e9c22b 
-		dst->allocated = 1;
e9c22b 
 		return 0;
e9c22b 
 	}
e9c22b 
 }
e9c22b 
diff --git a/tests/aead-cipher-vec.c b/tests/aead-cipher-vec.c
e9c22b 
index fba9010d9..6a30a35f7 100644
e9c22b 
--- a/tests/aead-cipher-vec.c
e9c22b 
+++ b/tests/aead-cipher-vec.c
e9c22b 
@@ -49,6 +49,7 @@ static void start(const char *name, int algo)
e9c22b 
 	giovec_t auth_iov[2];
e9c22b 
 	uint8_t tag[64];
e9c22b 
 	size_t tag_size = 0;
e9c22b 
+	size_t i;
e9c22b
e9c22b 
 	key.data = key16;
e9c22b 
 	key.size = gnutls_cipher_get_key_size(algo);
e9c22b 
@@ -82,21 +83,23 @@ static void start(const char *name, int algo)
e9c22b 
 	if (ret < 0)
e9c22b 
 		fail("gnutls_cipher_init: %s\n", gnutls_strerror(ret));
e9c22b
e9c22b 
-	ret = gnutls_aead_cipher_encryptv2(ch,
e9c22b 
-					   iv.data, iv.size,
e9c22b 
-					   auth_iov, 2,
e9c22b 
-					   iov, 3,
e9c22b 
-					   tag, &tag_size);
e9c22b 
-	if (ret < 0)
e9c22b 
-		fail("could not encrypt data: %s\n", gnutls_strerror(ret));
e9c22b 
-
e9c22b 
-	ret = gnutls_aead_cipher_decryptv2(ch,
e9c22b 
-					   iv.data, iv.size,
e9c22b 
-					   auth_iov, 2,
e9c22b 
-					   iov, 3,
e9c22b 
-					   tag, tag_size);
e9c22b 
-	if (ret < 0)
e9c22b 
-		fail("could not decrypt data: %s\n", gnutls_strerror(ret));
e9c22b 
+	for (i = 0; i < 2; i++) {
e9c22b 
+		ret = gnutls_aead_cipher_encryptv2(ch,
e9c22b 
+						   iv.data, iv.size,
e9c22b 
+						   auth_iov, 2,
e9c22b 
+						   iov, i + 1,
e9c22b 
+						   tag, &tag_size);
e9c22b 
+		if (ret < 0)
e9c22b 
+			fail("could not encrypt data: %s\n", gnutls_strerror(ret));
e9c22b 
+
e9c22b 
+		ret = gnutls_aead_cipher_decryptv2(ch,
e9c22b 
+						   iv.data, iv.size,
e9c22b 
+						   auth_iov, 2,
e9c22b 
+						   iov, i + 1,
e9c22b 
+						   tag, tag_size);
e9c22b 
+		if (ret < 0)
e9c22b 
+			fail("could not decrypt data: %s\n", gnutls_strerror(ret));
e9c22b 
+	}
e9c22b
e9c22b 
 	gnutls_aead_cipher_deinit(ch);
e9c22b 
 }
e9c22b 
--
e9c22b 
2.25.4
e9c22b

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation