Bug 1351022
| Summary: | bcrypt: "realloc invalid pointer" error for very small files | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Matthew Cline <matt> |
| Component: | bcrypt | Assignee: | Gwyn Ciesla <gwync> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | urgent | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 24 | CC: | gwync |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | x86_64 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | bcrypt-1.1-14.fc24 bcrypt-1.1-14.fc22 bcrypt-1.1-14.fc23 bcrypt-1.1-14.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2016-07-05 04:56:43 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Description
Matthew Cline
2016-06-29 05:12:39 UTC
I was able to encrypt and decrypt files of various sizes without issue, down to 1 Byte, with or without -r. Is there a non-sensitive file you can share with me that causes this issue?

Created attachment 1174292
Output of valgrind on bcrypt

Ohhh, it seems that the problem is happening because I've set the environmental variable MALLOC_CHECK_ to 1. I forgot that I set that for checking my own programs; sorry.
Before I realized that, I downloaded and compiled from Sourceforge the bcrypt 1.1 source, and used valgrind on it. I've attached the valgrind output.

Ah, ok, so we have non-fatal memory leaks. I'm not entirely certain of the best method of tightening up the calls in wrapbf.c that are at fault, but I'll look at it. If you come up with a working patch I'll test.

Created attachment 1174731
Patch to fix fencepost error

It's not a memory leak, but rather bcrypt reading from and writing to memory that hasn't been allocated. This is caused by a fencepost error in padInput() in rwfile.c, leading bcrypt to access a single byte of unallocated memory after the realloc()'d region that should have been included by realloc(). The attached patch fixes the problem, with both MALLOC_CHECK_ and valgrind showing that everything is working fine.
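
The fencepost described in the comment above, as an added example (not bcrypt's rwfile.c and not the attached patch): a hypothetical pad routine whose fill covers one byte more than the region was sized for, with a guard byte that makes the one-byte overrun observable without touching unowned memory. `pad_and_check`, `BLOCK`, `CANARY` and the "padding plus one byte" fill are assumptions for illustration.

```c
#include <stdlib.h>
#include <string.h>

#define BLOCK  8      /* assumption: pad to an 8-byte cipher block */
#define CANARY 0xA5   /* guard value placed right after the logical region */

/* Zero bytes needed to bring sz up to the next multiple of BLOCK. */
static size_t pad_bytes(size_t sz) { return (BLOCK - sz % BLOCK) % BLOCK; }

/*
 * Hypothetical pad routine. It zero-fills the padding plus one trailing
 * byte, so the region must hold sz + r + 1 bytes. With fencepost != 0 the
 * region is sized sz + r, one byte short (the class of bug reported here).
 * The physical allocation always carries one extra guard byte, so the
 * overrun lands on the guard instead of on unowned heap memory.
 * Returns 1 if the guard was overwritten, 0 if intact, -1 on failure.
 */
int pad_and_check(const unsigned char *data, size_t sz, int fencepost,
                  size_t *padded_sz)
{
    size_t r = pad_bytes(sz);
    size_t logical = sz + r + (fencepost ? 0 : 1);  /* size "requested" */
    unsigned char *buf = malloc(logical + 1);       /* + guard byte */
    if (buf == NULL) return -1;

    if (sz) memcpy(buf, data, sz);
    buf[logical] = CANARY;

    memset(buf + sz, 0, r + 1);   /* the fill the routine always performs */

    int clobbered = (buf[logical] != CANARY);
    if (padded_sz) *padded_sz = sz + r;
    free(buf);
    return clobbered;
}

int main(void)
{
    const unsigned char one[] = { 'x' };   /* constructed 1-byte input */
    size_t out = 0;
    int bad  = pad_and_check(one, sizeof one, 1, &out);
    int good = pad_and_check(one, sizeof one, 0, &out);
    return (bad == 1 && good == 0 && out == 8) ? 0 : 1;
}
```

Against a real build, the tools named in this report (valgrind and MALLOC_CHECK_) take the place of the guard byte.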

So it does, thanks! I'll get this out to all branches ASAP.

bcrypt-1.1-14.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2016-18ef7d9719

bcrypt-1.1-14.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-be5192647e

bcrypt-1.1-14.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-23f91effd7

bcrypt-1.1-14.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-bd5ba01da3

bcrypt-1.1-14.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-bd5ba01da3

bcrypt-1.1-14.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-18ef7d9719

bcrypt-1.1-14.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-be5192647e

bcrypt-1.1-14.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-23f91effd7

bcrypt-1.1-14.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

bcrypt-1.1-14.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

bcrypt-1.1-14.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

bcrypt-1.1-14.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.