BBC: Crypt-OpenSSL-PKCS10-0.19 triggers "stack smashing detected" #21174

Closed
andk opened this issue Jun 25, 2023 · 7 comments
Labels
BBC Blead Breaks CPAN - changes in blead broke a cpan module(s)

andk commented Jun 25, 2023

Description

With 1ef9039 the tests for JONOZZZ/Crypt-OpenSSL-PKCS10-0.19.tar.gz were starting to fail. Sample test report with v5.37.2: http://www.cpantesters.org/cpan/report/d7681930-0a87-11ed-a527-47589c44d1b7

Already multiple cases of fails triggered by this commit have been discussed in #19983; somehow the fail of this module seems to have remained undiscovered until now. Or maybe it's just me who has not seen an issue raised.

@khwilliamson would you like to comment?

Steps to Reproduce

cpan -i JONOZZZ/Crypt-OpenSSL-PKCS10-0.19.tar.gz

Expected behavior

Tests should succeed and module should be installed.

Perl configuration

Summary of my perl5 (revision 5 version 37 subversion 2) configuration:
  Commit id: 7f9b65d969a1c8b44028cacbb9e88596d1e5a8a3
  Platform:
    osname=linux
    osvers=5.15.0-41-generic
    archname=x86_64-linux
    uname='linux k93jammy 5.15.0-41-generic #44-ubuntu smp wed jun 22 14:20:53 utc 2022 x86_64 x86_64 x86_64 gnulinux '
    config_args='-Dprefix=/home/sand/src/perl/repoperls/installed-perls/host/k93jammy/v5.37.2/6567 -Dmyhostname=k93jammy -Dinstallusrbinperl=n -Uversiononly -Dusedevel -des -Ui_db -Dlibswanted=cl pthread socket inet nsl gdbm dbm malloc dl ld sun m crypt sec util c cposix posix ucb BSD gdbm_compat -Uuseithreads -Uuselongdouble -DEBUGGING=-g'
    hint=recommended
    useposix=true
    d_sigaction=define
    useithreads=undef
    usemultiplicity=undef
    use64bitint=define
    use64bitall=define
    uselongdouble=undef
    usemymalloc=n
    default_inc_excludes_dot=define
  Compiler:
    cc='cc'
    ccflags ='-fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'
    optimize='-O2 -g'
    cppflags='-fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include'
    ccversion=''
    gccversion='11.2.0'
    gccosandvers=''
    intsize=4
    longsize=8
    ptrsize=8
    doublesize=8
    byteorder=12345678
    doublekind=3
    d_longlong=define
    longlongsize=8
    d_longdbl=define
    longdblsize=16
    longdblkind=3
    ivtype='long'
    ivsize=8
    nvtype='double'
    nvsize=8
    Off_t='off_t'
    lseeksize=8
    alignbytes=8
    prototype=define
  Linker and Libraries:
    ld='cc'
    ldflags =' -fstack-protector-strong -L/usr/local/lib'
    libpth=/usr/local/lib /usr/lib/x86_64-linux-gnu /usr/lib /usr/lib64
    libs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
    perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
    libc=/lib/x86_64-linux-gnu/libc.so.6
    so=so
    useshrplib=false
    libperl=libperl.a
    gnulibc_version='2.35'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs
    dlext=so
    d_dlsymun=undef
    ccdlflags='-Wl,-E'
    cccdlflags='-fPIC'
    lddlflags='-shared -O2 -g -L/usr/local/lib -fstack-protector-strong'


Characteristics of this binary (from libperl): 
  Compile-time options:
    HAS_TIMES
    PERLIO_LAYERS
    PERL_COPY_ON_WRITE
    PERL_DONT_CREATE_GVSV
    PERL_MALLOC_WRAP
    PERL_OP_PARENT
    PERL_PRESERVE_IVUV
    PERL_USE_DEVEL
    PERL_USE_SAFE_PUTENV
    USE_64_BIT_ALL
    USE_64_BIT_INT
    USE_LARGE_FILES
    USE_LOCALE
    USE_LOCALE_COLLATE
    USE_LOCALE_CTYPE
    USE_LOCALE_NUMERIC
    USE_LOCALE_TIME
    USE_PERLIO
    USE_PERL_ATOF
  Built under linux
  Compiled at Jul 21 2022 06:44:32
  %ENV:
    PERL="/tmp/basesmoker-reloperl-a8HE/bin/perl"
    PERL5LIB="/tmp/loop_over_bdir-522492-mSrHgw/Simulation-Automate-1.0.1-0/blib/arch:/tmp/loop_over_bdir-522492-mSrHgw/Simulation-Automate-1.0.1-0/blib/lib:/tmp/loop_over_bdir-522492-mSrHgw/Lingua-BioYaTeA-0.11-0/blib/arch:/tmp/loop_over_bdir-522492-mSrHgw/Lingua-BioYaTeA-0.11-0/blib/lib:/tmp/loop_over_bdir-522492-mSrHgw/Lingua-YaTeA-0.626-0/blib/arch:/tmp/loop_over_bdir-522492-mSrHgw/Lingua-YaTeA-0.626-0/blib/lib:/tmp/loop_over_bdir-522492-mSrHgw/ProjectBuilder-0.14.1-0/blib/arch:/tmp/loop_over_bdir-522492-mSrHgw/ProjectBuilder-0.14.1-0/blib/lib:/tmp/loop_over_bdir-522492-mSrHgw/dta-tokwrap-0.98-0/blib/arch:/tmp/loop_over_bdir-522492-mSrHgw/dta-tokwrap-0.98-0/blib/lib:/tmp/loop_over_bdir-522492-mSrHgw/EJBCA-CrlPublish-0.60-0/blib/arch:/tmp/loop_over_bdir-522492-mSrHgw/EJBCA-CrlPublish-0.60-0/blib/lib:/tmp/loop_over_bdir-522492-mSrHgw/Dpkg-1.21.9-0/blib/arch:/tmp/loop_over_bdir-522492-mSrHgw/Dpkg-1.21.9-0/blib/lib:/tmp/loop_over_bdir-522492-mSrHgw/Devel-Required-0.16-0/blib/arch:/tmp/loop_over_bdir-522492-mSrHgw/Devel-Required-0.16-0/blib/lib:/tmp/loop_over_bdir-522492-mSrHgw/Alien-SNMP-MIBDEV-2.020000-0/blib/arch:/tmp/loop_over_bdir-522492-mSrHgw/Alien-SNMP-MIBDEV-2.020000-0/blib/lib"
    PERL5OPT=""
    PERL5_CPANPLUS_IS_RUNNING="522500"
    PERL5_CPAN_IS_RUNNING="522500"
    PERL_CANARY_STABILITY_NOPROMPT="1"
    PERL_MM_USE_DEFAULT="1"
    PERL_USE_UNSAFE_INC="1"
  @INC:
    /tmp/loop_over_bdir-522492-mSrHgw/Simulation-Automate-1.0.1-0/blib/arch
    /tmp/loop_over_bdir-522492-mSrHgw/Simulation-Automate-1.0.1-0/blib/lib
    /tmp/loop_over_bdir-522492-mSrHgw/Lingua-BioYaTeA-0.11-0/blib/arch
    /tmp/loop_over_bdir-522492-mSrHgw/Lingua-BioYaTeA-0.11-0/blib/lib
    /tmp/loop_over_bdir-522492-mSrHgw/Lingua-YaTeA-0.626-0/blib/arch
    /tmp/loop_over_bdir-522492-mSrHgw/Lingua-YaTeA-0.626-0/blib/lib
    /tmp/loop_over_bdir-522492-mSrHgw/ProjectBuilder-0.14.1-0/blib/arch
    /tmp/loop_over_bdir-522492-mSrHgw/ProjectBuilder-0.14.1-0/blib/lib
    /tmp/loop_over_bdir-522492-mSrHgw/dta-tokwrap-0.98-0/blib/arch
    /tmp/loop_over_bdir-522492-mSrHgw/dta-tokwrap-0.98-0/blib/lib
    /tmp/loop_over_bdir-522492-mSrHgw/EJBCA-CrlPublish-0.60-0/blib/arch
    /tmp/loop_over_bdir-522492-mSrHgw/EJBCA-CrlPublish-0.60-0/blib/lib
    /tmp/loop_over_bdir-522492-mSrHgw/Dpkg-1.21.9-0/blib/arch
    /tmp/loop_over_bdir-522492-mSrHgw/Dpkg-1.21.9-0/blib/lib
    /tmp/loop_over_bdir-522492-mSrHgw/Devel-Required-0.16-0/blib/arch
    /tmp/loop_over_bdir-522492-mSrHgw/Devel-Required-0.16-0/blib/lib
    /tmp/loop_over_bdir-522492-mSrHgw/Alien-SNMP-MIBDEV-2.020000-0/blib/arch
    /tmp/loop_over_bdir-522492-mSrHgw/Alien-SNMP-MIBDEV-2.020000-0/blib/lib
    /home/sand/src/perl/repoperls/installed-perls/host/k93jammy/v5.37.2/6567/lib/site_perl/5.37.2/x86_64-linux
    /home/sand/src/perl/repoperls/installed-perls/host/k93jammy/v5.37.2/6567/lib/site_perl/5.37.2
    /home/sand/src/perl/repoperls/installed-perls/host/k93jammy/v5.37.2/6567/lib/5.37.2/x86_64-linux
    /home/sand/src/perl/repoperls/installed-perls/host/k93jammy/v5.37.2/6567/lib/5.37.2
    .
@jkeenan jkeenan added the BBC Blead Breaks CPAN - changes in blead broke a cpan module(s) label Jun 25, 2023

jkeenan commented Jun 25, 2023

> Description
>
> With 1ef9039 the tests for JONOZZZ/Crypt-OpenSSL-PKCS10-0.19.tar.gz were starting to fail. Sample test report with v5.37.2: http://www.cpantesters.org/cpan/report/d7681930-0a87-11ed-a527-47589c44d1b7
>
> Already multiple cases of fails triggered by this commit have been discussed in #19983; somehow the fail of this module seems to have remained undiscovered until now. Or maybe it's just me who has not seen an issue raised.
>
> @khwilliamson would you like to comment?

It should be noted that the CPANtesters results discussed in this ticket and in #19983 are very OS-specific.

On FreeBSD-12:

$ uname -mrs;./bin/perl -v | head -2 | tail -1
FreeBSD 12.3-RELEASE-p6 amd64
This is perl 5, version 37, subversion 12 (v5.37.12 (v5.37.11-34-g48e8a9d396)) built for amd64-freebsd-thread-multi
$ tail ~/.cpanreporter/reports-sent.db
test PASS File-MMagic-1.30 (perl-5.38.0) amd64-freebsd-thread-multi 12.3-release-p6
test PASS Crypt-OpenSSL-Guess-0.15 (perl-5.37.12) amd64-freebsd-thread-multi 12.3-release-p6
test PASS Crypt-OpenSSL-Random-0.15 (perl-5.37.12) amd64-freebsd-thread-multi 12.3-release-p6
test PASS Crypt-OpenSSL-RSA-0.33 (perl-5.37.12) amd64-freebsd-thread-multi 12.3-release-p6
test PASS Crypt-OpenSSL-PKCS10-0.19 (perl-5.37.12) amd64-freebsd-thread-multi 12.3-release-p6
test PASS Math-FastGF2-0.07 (perl-5.37.12) amd64-freebsd-thread-multi 12.3-release-p6
test PASS Digest-OAT-0.04 (perl-5.37.12) amd64-freebsd-thread-multi 12.3-release-p6
test PASS Lingua-RU-Translit-0.02 (perl-5.37.12) amd64-freebsd-thread-multi 12.3-release-p6
test PASS Locale-Hebrew-1.05 (perl-5.37.12) amd64-freebsd-thread-multi 12.3-release-p6
make UNKNOWN Bloom16-0.01 (perl-5.37.12) amd64-freebsd-thread-multi 12.3-release-p6

On Linux:

$ uname -mrs;./bin/perl -v | head -2 | tail -1
Linux 5.10.0-18-amd64 x86_64
This is perl 5, version 38, subversion 0 (v5.38.0-RC2-2-g815251bd22) built for x86_64-linux
$ tail ~/.cpanreporter/reports-sent.db 
test PASS Crypt-OpenSSL-Guess-0.15 (perl-5.38.0) x86_64-linux 5.10.0-18-amd64
test PASS Crypt-OpenSSL-Random-0.15 (perl-5.38.0) x86_64-linux 5.10.0-18-amd64
test PASS Crypt-OpenSSL-RSA-0.33 (perl-5.38.0) x86_64-linux 5.10.0-18-amd64
test PASS Crypt-OpenSSL-Bignum-0.09 (perl-5.38.0) x86_64-linux 5.10.0-18-amd64
test FAIL Crypt-OpenSSL-PKCS10-0.19 (perl-5.38.0) x86_64-linux 5.10.0-18-amd64
test FAIL Math-FastGF2-0.07 (perl-5.38.0) x86_64-linux 5.10.0-18-amd64
test FAIL Digest-OAT-0.04 (perl-5.38.0) x86_64-linux 5.10.0-18-amd64
test FAIL Lingua-RU-Translit-0.02 (perl-5.38.0) x86_64-linux 5.10.0-18-amd64
test FAIL Locale-Hebrew-1.05 (perl-5.38.0) x86_64-linux 5.10.0-18-amd64
PL UNKNOWN Bloom16-0.01 (perl-5.38.0) x86_64-linux 5.10.0-18-amd64


tonycoz commented Jun 26, 2023

It looks like the same problem to me; there are a few places in the code where it calls SvPV() with an int length parameter.

I've commented on https://rt.cpan.org/Ticket/Display.html?id=148807 including an example where it produces the stack smashing error with older perls.

As to the differences between operating systems: do both of the perls used for those reports on each OS have -fstack-protector-strong or -fstack-protector in ccflags? You can check that with:

./bin/perl -V:ccflags

The differences may also be due to differences in stack frame layout between compilers (gcc default on Linux, clang default on FreeBSD).
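The width mismatch described in this comment, modelled in plain C as an added example (not code from Crypt-OpenSSL-PKCS10 or from perl): `get_pv` is a hypothetical stand-in for an API that, like SvPV(), stores a `size_t`-wide length through a pointer, and the byte array stands in for the caller's stack frame so the overwrite can be observed without undefined behaviour.

```c
#include <limits.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for an API that reports the string length by
 * storing a size_t-wide value through a pointer. */
static const char *get_pv(const char *s, size_t *lenp)
{
    *lenp = strlen(s);
    return s;
}

/* Model of the buggy call: sizeof(size_t) bytes are stored at the address
 * of an int-sized slot. Returns how many bytes beyond that slot were
 * overwritten (these are the bytes a stack protector canary may occupy). */
size_t bytes_clobbered_past_int(const char *s)
{
    unsigned char frame[sizeof(int) + sizeof(size_t)];
    size_t wide_len, i, clobbered = 0;

    memset(frame, 0xAA, sizeof frame);          /* 0xAA marks untouched bytes */
    get_pv(s, &wide_len);
    memcpy(frame, &wide_len, sizeof wide_len);  /* the too-wide store */

    for (i = sizeof(int); i < sizeof frame; i++)
        if (frame[i] != 0xAA)
            clobbered++;
    return clobbered;
}

/* Corrected pattern: receive the length in a size_t, then range-check
 * before narrowing for an API that takes int.
 * Returns 0 and sets *out on success, -1 if the length does not fit. */
int length_as_int(size_t len, int *out)
{
    if (len > (size_t)INT_MAX)
        return -1;
    *out = (int)len;
    return 0;
}

int pv_length_checked(const char *s, int *out)
{
    size_t len;                 /* correct width for the out-parameter */
    get_pv(s, &len);
    return length_as_int(len, out);
}
```

On a build with intsize=4 and 8-byte pointers, as in the configuration reported above, `bytes_clobbered_past_int` reports four bytes written outside the int slot.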


jkeenan commented Jun 26, 2023

[snip]

> As to the differences between operating systems: do both of the perls used for those reports on each OS have -fstack-protector-strong or -fstack-protector in ccflags? You can check that with:
>
> ./bin/perl -V:ccflags
>
> The differences may also be due to differences in stack frame layout between compilers (gcc default on Linux, clang default on FreeBSD).

FreeBSD-12:

$ ./bin/perl -V:ccflags
ccflags='-DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include';

Linux:

$ ./bin/perl -V:ccflags
ccflags='-fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=2';

@khwilliamson

Again, #20037 (comment) could be applied; but again, the author had to be ignoring important compiler warnings for the situation to arise.


tonycoz commented Jun 26, 2023

> Again, #20037 (comment) could be applied

I made this one crash with 5.32, I hadn't tried for others, but I expect it to be possible to make most of the other modules crash similarly.

@timlegge

As an FYI I released TIMLEGGE/Crypt-OpenSSL-PKCS10-0.23.tar.gz which fixed the issue in the release version


tonycoz commented Aug 19, 2023

Thanks for the update.

@tonycoz tonycoz closed this as completed Aug 19, 2023