Tested on wolfSSL 4.1.0 / Ubuntu 14.04 / clang / ASan
Hi, I've come upon a one-byte heap over-read bug
due to corner-case mishandling in GetLength_ex (wolfcrypt/src/asn.c:189). You can trigger it by loading the attached DER certificate using the API wolfSSL_X509_d2i (or example_cert_parsing_app) (test_crt.zip).
Corner cases:

```c
if (check && (idx + length) > maxIdx) { /* for user of length */
    WOLFSSL_MSG("GetLength value exceeds buffer length");
    return BUFFER_E;
}
```
If idx + length == maxIdx, which passes the check, it will trigger a buffer over-read in wolfcrypt/src/asn.c:7584:
```c
if (input[idx] == ASN_BOOLEAN) {
    ret = GetBoolean(input, &idx, sz);
    if (ret < 0) {
        WOLFSSL_MSG("\tfail: critical boolean");
        return ret;
    }
    critical = (byte)ret;
}
```
ASAN report

```text
==49107==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61900000048f at pc 0x7f755c0cd6cc bp 0x7ffce2a2cc00 sp 0x7ffce2a2cbf8
READ of size 1 at 0x61900000048f thread T0
    #0 0x7f755c0cd6cb in DecodeCertExtensions wolfcrypt/src/asn.c:7584
    #1 0x7f755c0cd6cb in ParseCertRelative wolfcrypt/src/asn.c:8174
    #2 0x7f755c062097 in wolfSSL_X509_d2i src/ssl.c:15361
    #3 0x7f755c04b685 in main (/opt/disk/wolfSSL_X509_d2i_gcc+0x1e685)
    #4 0x7f755ad94f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #5 0x7f755c04b2eb (/opt/disk/wolfSSL_X509_d2i_gcc+0x1e2eb)

0x61900000048f is located 0 bytes to the right of 1039-byte region [0x619000000080,0x61900000048f)
allocated by thread T0 here:
    #0 0x7f755b4fc479 in __interceptor_malloc /home/nwani/m3/conda-bld/compilers_linux-64_1560109574129/work/.build/x86_64-conda_cos6-linux-gnu/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:144
    #1 0x7f755c04b5aa in main (/opt/disk/wolfSSL_X509_d2i_gcc+0x1e5aa)
    #2 0x7f755ad94f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

SUMMARY: AddressSanitizer: heap-buffer-overflow wolfcrypt/src/asn.c:7584 in DecodeCertExtensions
Shadow bytes around the buggy address:
  0x0c327fff8040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c327fff8050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c327fff8060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c327fff8070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c327fff8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c327fff8090: 00[07]fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c327fff80a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c327fff80b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c327fff80c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c327fff80d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c327fff80e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==49107==ABORTING
```

Attachment: [test_crt.zip](https://github.com/wolfSSL/wolfssl/files/3524394/test_crt.zip)
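The two steps in the report, modelled end to end as an added example (this is not wolfSSL code; the function names, tag constants, error values and the constructed extension bytes are assumptions made for this illustration). A DER length decoder accepts `idx + length == maxIdx`, which is legitimate DER (an element may end exactly at the end of the buffer), so after the extension OID the caller can be left with `idx == sz`. Peeking `input[idx]` for the optional `critical` BOOLEAN at that point reads one byte past the buffer; the hardened path checks `idx < sz` first. The truncated test input carries a sentinel byte past its logical end so the over-read is observable without undefined behaviour:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the report, not wolfSSL code. Tag values follow
 * DER; the error codes are arbitrary assumptions for this example. */
#define ASN_BOOLEAN      0x01
#define ASN_OCTET_STRING 0x04
#define ASN_OBJECT_ID    0x06
#define ASN_SEQUENCE     0x30
#define BUFFER_E         (-1)
#define ASN_PARSE_E      (-2)

typedef struct {
    int ret;          /* 0 on success, BUFFER_E or ASN_PARSE_E otherwise */
    int critical;     /* value of the optional BOOLEAN, 0 if absent */
    size_t peek_idx;  /* index inspected for ASN_BOOLEAN; SIZE_MAX if never read */
} ext_result;

/* Decode a DER length at *idx (short form, or long form up to 4 bytes).
 * On success store it in *len, advance *idx past the length bytes and
 * return 0. The final check deliberately accepts *idx + *len == max_idx:
 * that is valid DER, and it is exactly what leaves the caller with
 * idx == max_idx after consuming the element. */
static int get_length(const uint8_t *input, size_t *idx, size_t max_idx, size_t *len)
{
    size_t i = *idx, length;
    if (i >= max_idx) return BUFFER_E;
    uint8_t b = input[i++];
    if (b & 0x80) {
        size_t n = b & 0x7f;
        if (n == 0 || n > 4 || i + n > max_idx) return ASN_PARSE_E;
        length = 0;
        while (n--) length = (length << 8) | input[i++];
    } else {
        length = b;
    }
    if (i + length > max_idx) return BUFFER_E;   /* == max_idx passes */
    *idx = i;
    *len = length;
    return 0;
}

/* Decode BOOLEAN { tag, length 1, value }, bounds-checked against sz. */
static int get_boolean(const uint8_t *input, size_t *idx, size_t sz)
{
    size_t i = *idx;
    if (i + 3 > sz) return BUFFER_E;
    if (input[i] != ASN_BOOLEAN || input[i + 1] != 1) return ASN_PARSE_E;
    *idx = i + 3;
    return input[i + 2] != 0;
}

/* Decode one Extension ::= SEQUENCE { extnID OBJECT IDENTIFIER,
 * critical BOOLEAN OPTIONAL, extnValue OCTET STRING }. With hardened == 0
 * the BOOLEAN peek is done without checking idx < sz, as in the report;
 * with hardened != 0 the bound is checked before the byte is touched. */
static ext_result decode_extension(const uint8_t *input, size_t sz, int hardened)
{
    ext_result r = { 0, 0, SIZE_MAX };
    size_t idx = 0, len, seq_end;

    if (sz < 1 || input[idx++] != ASN_SEQUENCE) { r.ret = ASN_PARSE_E; return r; }
    if ((r.ret = get_length(input, &idx, sz, &len)) < 0) return r;
    seq_end = idx + len;

    if (idx >= seq_end || input[idx++] != ASN_OBJECT_ID) { r.ret = ASN_PARSE_E; return r; }
    if ((r.ret = get_length(input, &idx, seq_end, &len)) < 0) return r;
    idx += len;                 /* skip the OID body; get_length guarantees idx <= seq_end <= sz */

    if (hardened && idx >= sz) { r.ret = BUFFER_E; return r; }   /* the missing bounds check */
    r.peek_idx = idx;
    if (input[idx] == ASN_BOOLEAN) {        /* unchecked path: reads input[sz] when idx == sz */
        int v = get_boolean(input, &idx, sz);
        if (v < 0) { r.ret = v; return r; }
        r.critical = v;
    }
    if (idx >= sz || input[idx] != ASN_OCTET_STRING) { r.ret = ASN_PARSE_E; return r; }
    r.ret = 0;
    return r;
}

/* Constructed inputs, not the reporter's certificate. ext_truncated is a
 * keyUsage extension cut off right after the OID (2.5.29.15); its logical
 * size is 7, and byte 7 is a sentinel past that end so the over-read is
 * observable without undefined behaviour. ext_ok is the well-formed form. */
static const uint8_t ext_truncated[8] = { 0x30, 0x05, 0x06, 0x03, 0x55, 0x1D, 0x0F, ASN_BOOLEAN };
static const uint8_t ext_ok[14] = { 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x0F,
                                    0x01, 0x01, 0xFF, 0x04, 0x02, 0x03, 0x02 };

int main(void)
{
    ext_result a = decode_extension(ext_truncated, 7, 0);
    ext_result b = decode_extension(ext_truncated, 7, 1);
    ext_result c = decode_extension(ext_ok, sizeof ext_ok, 1);
    printf("unchecked:   ret=%d peek_idx=%zu (sz=7)\n", a.ret, a.peek_idx);
    printf("hardened:    ret=%d peek=%s\n", b.ret, b.peek_idx == SIZE_MAX ? "none" : "read");
    printf("well-formed: ret=%d critical=%d\n", c.ret, c.critical);
    return 0;
}
```

Both `get_length` calls on the truncated input pass their bound check because the element ends exactly at the buffer end, so the check that matters is the one on `idx` before the peek, not a change to the `>` in the length check; the well-formed input shows the hardened path still decodes `critical` normally.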
I created a PR (#2425) that does a check on the buffer before reading the ASN_BOOLEAN byte. The ASAN I have on my development system was not reporting the issue, but printing out the values when running the test case, it does look like it is accessing one index over.

```text
$ ./a.out
idx = 135 sz = 135
```

Am considering a PR also for the GetLength check. Can you tell us something about your project? And if you send a mailing address to our support (at) wolfssl we would like to send you some swag.