64-bit pkcs11_inspect(1) fails on SPARC with a SIGBUS due to misaligned access #28

Closed
paulsonx opened this issue Aug 16, 2018 · 0 comments

Solaris 11 delivers pkcs11_inspect(1) compiled using -m64 which thus
creates a 64-bit executable. The pkcs11_inspect(1) utility calls the
src/common/cert_info.c:cert_info_sshpuk() routine which declares
'data_len' as an 'int' which is 32-bits in size and will thus be 32-bit
aligned but then passes its address to
src/common/base64.c:base64_encode() which expects a size_t. When
base64_encode() dereferences the address of 'data_len' it expects the
address to be 64-bit aligned since in the LP64 environment, size_t is an
unsigned long and 64-bits in size. This discrepancy results in
accessing an address which is 32-bit aligned but not 64-bit aligned and
this misaligned access then triggers a SIGBUS.

```c
static char **cert_info_sshpuk(X509 *x509)
{
  [...]
        int data_len;
  [...]
        /* encode data in base64 format */
        data_len= 1+ 4*((2+pt-blob)/3);
  [...]
        res= base64_encode(blob,pt-blob,data,(size_t *) &data_len);

int base64_encode(const unsigned char *in,  size_t len, unsigned char *out,
    size_t *outlen)
{
  [...]
   if (*outlen < len2 + 1) {
```

```
> ::status
debugging core file of pkcs11_inspect (64-bit) from c27waspxwnyd12w
file: /usr/lib/pam_pkcs11/pkcs11_inspect
initial argv: ./pkcs11_inspect
threading model: native threads
status: process terminated by SIGBUS (Bus Error), addr=fffffe66942dffec
> $C
fffffe66942df671 openssh_mapper.so`base64_encode+0x40(dc4e3f7680, 117, dc4e3f9690, fffffe66942dffec, 0, dc4e3f9805)
fffffe66942df731 openssh_mapper.so`cert_info_sshpuk+0x29c(dc4e32c4d0, 55555400, 175, 7fcb4f03087f0, dc4e3f7797, 7fcb4f041a000)
fffffe66942df7f1 openssh_mapper.so`openssh_mapper_find_entries+0x1c(dc4e32c4d0, 0, 10011a000, 7fcb4f041a000, 10f9e4, 16a8)
fffffe66942df8a1 inspect_certificate+0x94(dc4e32c4d0, dc4e3f1a60, 10011b9a8, 100006348, 10011a000, 1)
fffffe66942df951 main+0x414(10011b558, fffffe66942e06d8, 1, 0, 1, 100005000)
fffffe66942dfe21 _start+0x17c(0, 0, 0, 0, 0, 0)
// The address of 'data_len' is not 64-bit aligned:
> (fffffe66942dffec & 0x7)
                4
// But the address of 'data_len' is instead 32-bit aligned:
> (fffffe66942dffec & 0x3)
                0
```

Since size_t is 64-bits in size in LP64 mode the attempt to dereference
its address which isn't 64-bit aligned triggers a SIGBUS.
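
An added example, not code from pam_pkcs11 or from this issue: one way to remove the cast is to hold the length in a `size_t` in the caller, shown here next to the mdb alignment arithmetic reproduced on a constructed object. Only the `base64_encode()` prototype comes from the issue; `b64_encode_example`, `encode_fixed` and `int_slot_misalignment` are hypothetical names, and an LP64 target is assumed.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical encoder with the same prototype as base64_encode() above. */
static int b64_encode_example(const unsigned char *in, size_t len,
                              unsigned char *out, size_t *outlen)
{
    static const unsigned char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t need = 4 * ((len + 2) / 3), i, o = 0;

    if (*outlen < need + 1)      /* size_t-wide load: 8 bytes on LP64 */
        return -1;
    for (i = 0; i < len; i += 3) {
        uint32_t v = (uint32_t)in[i] << 16;
        if (i + 1 < len) v |= (uint32_t)in[i + 1] << 8;
        if (i + 2 < len) v |= in[i + 2];
        out[o++] = tbl[(v >> 18) & 63];
        out[o++] = tbl[(v >> 12) & 63];
        out[o++] = (i + 1 < len) ? tbl[(v >> 6) & 63] : '=';
        out[o++] = (i + 2 < len) ? tbl[v & 63] : '=';
    }
    out[o] = '\0';
    *outlen = o;                 /* size_t-wide store: 8 bytes on LP64 */
    return 0;
}

/* Caller that keeps the length in a size_t, so the pointer it passes has
 * the type, size and alignment the callee dereferences. The issue's caller
 * had `int data_len;` and passed `(size_t *) &data_len`. */
static long encode_fixed(const unsigned char *blob, size_t blob_len,
                         unsigned char *out, size_t out_cap)
{
    size_t data_len = out_cap;   /* capacity in, encoded length out */

    if (b64_encode_example(blob, blob_len, out, &data_len) != 0)
        return -1;
    return (long)data_len;
}

/* Constructed layout: an int at offset 4 of an 8-byte-aligned object, like
 * the slot in the mdb session. Returns its address modulo `align`; the
 * address is only inspected, never dereferenced as a size_t. */
static unsigned int_slot_misalignment(size_t align)
{
    union { uint64_t force_align; int word[2]; } frame = { 0 };
    return (unsigned)((uintptr_t)&frame.word[1] & (align - 1));
}
```

On an LP64 build `int_slot_misalignment(8)` is 4 and `int_slot_misalignment(4)` is 0, matching `(addr & 0x7)` and `(addr & 0x3)` in the session above.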

bowb pushed a commit to bowb/pam_pkcs11 that referenced this issue Mar 6, 2023
…ligned access

A cast has been added in fa5b394 (in
2005) and the problem was hidden.

It was the wrong solution to fix a compiler warning.

Fixes OpenSC#28