Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use checked arithmetic to prevent stack overflow in Pkcs12Kdf #68422

Merged
merged 1 commit into from Apr 26, 2022
Merged

Use checked arithmetic to prevent stack overflow in Pkcs12Kdf #68422

merged 1 commit into from Apr 26, 2022

Conversation

vcsjones
Copy link
Member

When calculating the length of P and I, it's possible for this to result in an arithmetic overflow.
This arithmetic overflow is then fed in to stackalloc, which treats the input as unsigned and causes a large stack allocation.

Closes #68419

@vcsjones
Use checked arithmetic to prevent stack overflow.
52e93d9 
When calculating the length of P and I, it's possible for this to result in an arithmetic overflow.
This arithmetic overflow is then fed in to `stackalloc`, which treats the input as unsigned and
causes a large stack allocation.
@ghost ghost assigned vcsjones Apr 22, 2022
@ghost
Copy link

ghost commented Apr 22, 2022

Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

When calculating the length of P and I, it's possible for this to result in an arithmetic overflow.
This arithmetic overflow is then fed in to stackalloc, which treats the input as unsigned and causes a large stack allocation.

Closes #68419

Author: vcsjones
Assignees: -
Labels:

area-System.Security
Milestone: -

@danmoseley
Copy link
Member

could you add your repro as a test perhaps?

@vcsjones
Copy link
Member Author

vcsjones commented Apr 22, 2022
edited

@danmoseley

could you add your repro as a test perhaps?

I thought about it, but unfortunately it requires quite a large allocation. I've seen a number of test failures from tests that try to hit those conditions, so erred on the side of not testing it.

If we have a test pattern that I can follow for ~2 GB allocations then I think it would make sense.

@Tornhoof
Copy link
Contributor

Tornhoof commented Apr 23, 2022
edited

There are a few non-const stackallocs in that class, isn't that bad practice by now and should be cleaned up?
Example:

runtime/src/libraries/Common/src/System/Security/Cryptography/Pkcs12Kdf.cs

Lines 140 to 142 in 52e93d9

if (ILen <= 1024)
{
I = stackalloc byte[ILen];

(Besides having a stackalloc with 1024 byte size)

@danmoseley
Copy link
Member

If we have a test pattern that I can follow for ~2 GB allocations then I think it would make sense.

We have a number of tests that do this and we made them stable by making them run alone (search for DisableParallelism) + limiting to 64 bit. I suppose one could count OutOfMemoryException as a pass, too.

I don't have an opinion on whether it is worth it in this case though.

@bartonjs
Copy link
Member

I think we can get away without a test.

@bartonjs bartonjs merged commit 1ae1451 into dotnet:main Apr 26, 2022
@vcsjones vcsjones deleted the fix-68419 branch April 26, 2022 16:38
@dotnet dotnet locked as resolved and limited conversation to collaborators May 26, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@bartonjs bartonjs bartonjs approved these changes

Assignees

@vcsjones vcsjones

Labels
area-System.Security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Pkcs12Kdf can stack overflow with an exceptionally large password
4 participants
@vcsjones @danmoseley @Tornhoof @bartonjs