Potential buffer overread in ctap_encode_der_sig() #94
Comments
Scan build complains about it as well:
clang version 7.0.1 (Fedora 7.0.1-1.fc29)
szszszsz added a commit to Nitrokey/nitrokey-fido2-firmware that referenced this issue on Feb 1, 2019:
Take into account leading zeroes in the size to copy, for both R and S ingredients of the signature. Issue was occurring only in cases when there was a leading zero for the S part.
Refactor ctap_encode_der_sig():
- add in_ and out_ prefixes to the function arguments
- mark pointers const
- clear out buffer
Tested via simulated device on:
- Fedora 29
- gcc (GCC) 8.2.1 20181215 (Red Hat 8.2.1-6)
- libasan 8.2.1 / 6.fc29
(same machine as in the related issue description) by running the ctap_test() Python test in a loop for 20 minutes (dev's counter 400k+). Earlier the issue was occurring in the first minutes.
Not tested on hardware yet.
Related: solokeys#94
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
It seems that I have found the fix (it is not triggering ASan at least; see linked commit). Tested on the simulated device, later will check on hardware.
szszszsz added a commit to Nitrokey/nitrokey-fido2-firmware that referenced this issue on Feb 2, 2019:
Take into account leading zeroes in the size to copy, for both R and S ingredients of the signature. Issue was occurring only in cases when there was a leading zero for the S part.
Refactor ctap_encode_der_sig():
- add in_ and out_ prefixes to the function arguments
- mark pointers const
- clear out buffer
Tested via simulated device on:
- Fedora 29
- gcc (GCC) 8.2.1 20181215 (Red Hat 8.2.1-6)
- libasan 8.2.1 / 6.fc29
(same machine as in the related issue description) by running the ctap_test() Python test in a loop for 20 minutes (dev's counter 400k+). Earlier the issue was occurring in the first minutes.
Tested on Nucleo32 board, by running the ctap_test() 20 times.
Related: solokeys#94
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
szszszsz added a commit to Nitrokey/nitrokey-fido2-firmware that referenced this issue on Feb 2, 2019:
Take into account leading zeroes in the size to copy, for both R and S ingredients of the signature. Issue was occurring only in cases when there was a leading zero for the S part.
Refactor ctap_encode_der_sig():
- add in_ and out_ prefixes to the function arguments
- mark pointers const
- clear out buffer
Tested via simulated device on:
- Fedora 29
- gcc (GCC) 8.2.1 20181215 (Red Hat 8.2.1-6)
- libasan 8.2.1 / 6.fc29
(same machine as in the related issue description) by running the ctap_test() Python test in a loop for 20 minutes (dev's counter 400k+). Earlier the issue was occurring in the first minutes.
Tested on Nucleo32 board, by running the ctap_test() 20 times.
Fixes solokeys#94
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
Great find! Thank you
Description
It looks like memmove reads (writes?) one byte too much while writing the final result of the ctap_encode_der_sig() function. It does not occur always - probably only in the case of maximum signature length.
Found while running the simulation binary compiled with -lasan -fsanitize=address -O1 -g -fno-omit-frame-pointer. I think it was confirmed by Clang's scan_build tool as well (to add later).
Frequency: sometimes (1/10)
Environment
Reproduction route
With WIP code from https://github.com/Nitrokey/nitrokey-fido2-firmware/tree/testing: run tools/ctap_test.py 10 times.
Logs
ASAN report
References
Edit: add env info
Edit: remove whitespace
Edit: add scenario
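For reference, an added example (not the Solo firmware's ctap_encode_der_sig() and not the code from the Nitrokey commits referenced above) of DER-encoding a raw P-256 (r, s) signature the way the commit message describes: the 0x00 pad byte that a high-bit R or S needs is counted into the length before anything is copied, so the copy never runs one byte past the input. All function and variable names are hypothetical, and the sample inputs in the comments are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper, not the firmware's code: DER-encode one big-endian
 * unsigned INTEGER. Leading zero bytes are dropped (keeping at least one), and
 * a 0x00 pad byte is prepended when the top bit is set so the value is not
 * read as negative. That pad byte changes the copy size, which is the case the
 * issue describes. Returns bytes written, or 0 if out_cap is too small. */
static size_t der_uint(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_cap)
{
    size_t skip = 0;
    while (skip + 1 < in_len && in[skip] == 0)
        skip++;
    size_t body = in_len - skip;
    size_t pad = (in[skip] & 0x80) ? 1 : 0;
    if (body + pad > 127 || 2 + pad + body > out_cap)   /* short-form length only */
        return 0;
    out[0] = 0x02;                          /* INTEGER tag */
    out[1] = (uint8_t)(body + pad);         /* length covers the pad byte too */
    if (pad)
        out[2] = 0x00;
    memcpy(out + 2 + pad, in + skip, body); /* copy exactly body bytes, never more */
    return 2 + pad + body;
}

/* Encode a raw 64-byte P-256 signature (r || s) as SEQUENCE { INTEGER r, INTEGER s }.
 * Output is at most 72 bytes. Returns the total length, or 0 on error. */
size_t ecdsa_p256_to_der(const uint8_t raw[64], uint8_t *out, size_t out_cap)
{
    uint8_t r_der[35], s_der[35];           /* 2 header + 1 pad + 32 value */
    size_t r_len = der_uint(raw, 32, r_der, sizeof r_der);
    size_t s_len = der_uint(raw + 32, 32, s_der, sizeof s_der);
    if (r_len == 0 || s_len == 0 || 2 + r_len + s_len > out_cap)
        return 0;
    out[0] = 0x30;                          /* SEQUENCE tag */
    out[1] = (uint8_t)(r_len + s_len);
    memcpy(out + 2, r_der, r_len);
    memcpy(out + 2 + r_len, s_der, s_len);
    return 2 + r_len + s_len;
}
```

With a constructed S whose first byte is 0x80 the S integer is 33 bytes long and the whole signature 71 bytes; with both halves high-bit-set the output is the 72-byte maximum, and a 71-byte output buffer is refused instead of overrun.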