Red Hat Bugzilla – Bug 1271165
m2crypto: pbkdf2 function crashes when given 74 byte result as argument
Last modified: 2016-04-26 09:44:51 EDT
A bug was found in pbkdf2 function of m2crypto package, such that when given a 74 byte result, a buffer overflow occurs leading to crash of the application.
For reproducer and backtrace, see product bug:
The root cause is a stack-based buffer overflow in the pkcs5_pbkdf2_hmac_sha1() function in SWIG/_evp.i
It defines the following stack-based buffer:
unsigned char key[EVP_MAX_KEY_LENGTH]; // usually 64byte
and later calls this function, which takes in "keylen" and fills "key". if "keylen" is larger than EVP_MAX_KEY_LENGTH, it overflows the stack-based buffer.
PKCS5_PBKDF2_HMAC_SHA1(passbuf, passlen, saltbuf, saltlen, iter,
A simple sanity check of keylen (both that it's not larger than EVP_MAX_KEY_LENGTH and not negative) before calling PKCS5_PBKDF2_HMAC_SHA1 should be enough to prevent this. This function should be protected by stack canaries, so code execution is mitigated, but there may be a minimal remaining risk that it's still possible.
*** Bug 1270318 has been marked as a duplicate of this bug. ***
Created m2crypto tracking bugs for this issue:
Affects: fedora-all [bug 1276630]
m2crypto-0.22.5-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
m2crypto-0.22.5-2.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
m2crypto-0.22.5-2.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
This has been fixed, right?