Bug 457588 - mcrypt crashes if file to encrypt is 1 or 2 characters
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: mcrypt
Version: 9
Hardware: All
OS: Linux
Priority: low
Severity: low
Assignee: Tom "spot" Callaway
QA Contact: Fedora Extras Quality Assurance
Reported: 2008-08-01 16:36 UTC by Niall Hallett
Modified: 2008-08-26 22:27 UTC (History)
Doc Type: Bug Fix
Last Closed: 2008-08-26 22:27:16 UTC

Description Niall Hallett 2008-08-01 16:36:20 UTC
Description of problem:

mcrypt crashes if file to encrypt is 1 or 2 characters.

Version-Release number of selected component (if applicable):
mcrypt-2.6.7-2.fc9.i386

How reproducible:
always.

Steps to Reproduce:
1. create a 1 or 2 char file
2. mcrypt file
  
Actual results:

Enter the passphrase (maximum of 512 characters)
Please use a combination of upper and lower case letters and numbers.
Enter passphrase: 
Enter passphrase: 

*** glibc detected *** mcrypt: free(): invalid next size (fast): 0x08bed918 ***
======= Backtrace: =========
/lib/libc.so.6[0x777874]
/lib/libc.so.6(cfree+0x96)[0x7798d6]
mcrypt[0x8053a1a]
mcrypt[0x804de2b]
mcrypt[0x804c524]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7205d6]
mcrypt[0x8049fe1]
Aborted

Expected results:

Additional info:

What's worse is that it actually produces a .nc file. However, it will corrupt
the original file if you attempt to mdecrypt it.

Comment 1 Tom "spot" Callaway 2008-08-25 22:04:46 UTC
I'm having some difficulty reproducing this on rawhide.

[spot@localhost devel]$ touch test
[spot@localhost devel]$ echo a > test
[spot@localhost devel]$ MALLOC_CHECK_=2 mcrypt test
Enter the passphrase (maximum of 512 characters)
Please use a combination of upper and lower case letters and numbers.
Enter passphrase: 
Enter passphrase: 

File test was encrypted.
[spot@localhost devel]$ rm -rf test
[spot@localhost devel]$ MALLOC_CHECK_=2 mcrypt -d test.nc 
Enter passphrase: 
File test.nc was decrypted.
[spot@localhost devel]$ cat test
a

[spot@localhost devel]$ touch test2
[spot@localhost devel]$ echo zz > test2
[spot@localhost devel]$ MALLOC_CHECK_=2 mcrypt test2
Enter the passphrase (maximum of 512 characters)
Please use a combination of upper and lower case letters and numbers.
Enter passphrase: 
Enter passphrase: 

File test2 was encrypted.
[spot@localhost devel]$ rm -rf test2
[spot@localhost devel]$ MALLOC_CHECK_=2 mcrypt -d test2.nc 
Enter passphrase: 
File test2.nc was decrypted.
[spot@localhost devel]$ cat test2
zz

Can you test again with all the F-9 updates applied and see if you can reproduce this? Alternately, if you have a sample file for me to test crypting, feel free to upload it.

Comment 2 Niall Hallett 2008-08-26 22:20:11 UTC
I upgraded to your current release from updates pending:

libmcrypt-2.5.8-6.fc9.i386
mcrypt-2.6.7-3.fc9.i386

and can confirm that this problem is now fixed.

Thanks.

Comment 3 Tom "spot" Callaway 2008-08-26 22:27:16 UTC
Works for me. Closing as NEXTRELEASE.

