Skip to content

Configure WhiteSource for GitHub.com#1

Open
mend-for-github-com[bot] wants to merge 1 commit into
openssl-3.0.2+quicfrom
whitesource/configure
Open

Configure WhiteSource for GitHub.com#1
mend-for-github-com[bot] wants to merge 1 commit into
openssl-3.0.2+quicfrom
whitesource/configure

Conversation

@mend-for-github-com

Copy link
Copy Markdown

Welcome to WhiteSource for GitHub.com! This is an onboarding PR to help you understand and configure settings before WhiteSource starts scanning your repository for security vulnerabilities.

🚦 WhiteSource for GitHub.com will start scanning your repository only once you merge this Pull Request. To disable WhiteSource for GitHub.com, simply close this Pull Request.


What to Expect

This PR contains a '.whitesource' configuration file which can be customized to your needs. If no changes were applied to this file, WhiteSource for GitHub.com will use the default configuration.

Before merging this PR, Make sure the Issues tab is enabled. Once you merge this PR, WhiteSource for GitHub.com will scan your repository and create a GitHub Issue for every vulnerability detected in your repository.

If you do not want a GitHub Issue to be created for each detected vulnerability, you can edit the '.whitesource' file and set the 'minSeverityLevel' parameter to 'NONE'.

If WhiteSource Remediate Workflow Rules are set on your repository (from the WhiteSource 'Integrate' tab), WhiteSource will also generate a fix Pull Request for relevant vulnerabilities.


❓ Got questions? Check out WhiteSource for GitHub.com docs.
If you need any further assistance then you can also request help here.

omisas-magaya pushed a commit that referenced this pull request Jul 22, 2024
This happens usually if an template object is created
and there is an out of memory error before the ASN1_OP_NEW_POST
method is called, but asn1_item_embed_free calls now the
ASN1_OP_FREE_POST which may crash because the object is not
properly initialized.  Apparently that is only an issue with
the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which
ought to be tolerant to incomplete initialized objects.

The error can be reproduced with the reproducible error injection patch:

$ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4
    #0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
    #1 0x408dc4 in my_malloc fuzz/test-corpus.c:114
    quictls#2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230
    quictls#3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
    quictls#4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318
    quictls#5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78
    quictls#6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240
    quictls#7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
    quictls#8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240
    quictls#9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
    quictls#10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
    quictls#11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
    quictls#12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
    quictls#13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    quictls#14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    quictls#15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    quictls#16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
    quictls#17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    quictls#18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
    quictls#19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
    quictls#20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
    quictls#21 0x40893b in testfile fuzz/test-corpus.c:182
    quictls#22 0x406b86 in main fuzz/test-corpus.c:226
    openssl#23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

AddressSanitizer:DEADLYSIGNAL
=================================================================
==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0)
==1194==The signal is caused by a READ memory access.
==1194==Hint: address points to the zero page.
    #0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258
    #1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113
    quictls#2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150
    quictls#3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
    quictls#4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
    quictls#5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
    quictls#6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    quictls#7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    quictls#8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    quictls#9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
    quictls#10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    quictls#11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
    quictls#12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
    quictls#13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
    quictls#14 0x40893b in testfile fuzz/test-corpus.c:182
    quictls#15 0x406b86 in main fuzz/test-corpus.c:226
    quictls#16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb
==1194==ABORTING

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#18360)

(cherry picked from commit 557825a)
omisas-magaya pushed a commit that referenced this pull request Jul 22, 2024
This is reproducible with my error injection patch.

The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.

$ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc
140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282:
140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662:
140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464:
140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149:
140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR
140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:

=================================================================
==19676==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230
    quictls#2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246
    quictls#3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257
    quictls#4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655
    quictls#5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030
    quictls#6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463
    quictls#7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46
    quictls#8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84
    quictls#9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151
    quictls#10 0x402dba in FuzzerTestOneInput fuzz/server.c:592
    quictls#11 0x40370b in testfile fuzz/test-corpus.c:182
    quictls#12 0x402846 in main fuzz/test-corpus.c:226
    quictls#13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s).

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from openssl#18366)

(cherry picked from commit 22a96c6)
omisas-magaya pushed a commit that referenced this pull request Jul 22, 2024
This is reproducible with my error injection patch.

The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.

$ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d
ERROR_INJECT=1653267699
    #0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
    #1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114
    quictls#2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230
    quictls#3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139
    quictls#4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44
    quictls#5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
    quictls#6 0x55c12d268239 in testfile fuzz/test-corpus.c:182
    quictls#7 0x55c12d267c7f in main fuzz/test-corpus.c:226
    quictls#8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
    quictls#9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d)

=================================================================
==1058475==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 268 byte(s) in 1 object(s) allocated from:
    #0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163
    #1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97
    quictls#2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43
    quictls#3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41
    quictls#4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
    quictls#5 0x55c12d268239 in testfile fuzz/test-corpus.c:182
    quictls#6 0x55c12d267c7f in main fuzz/test-corpus.c:226
    quictls#7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308

SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s).

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from openssl#18371)

(cherry picked from commit b7e28c0)
omisas-magaya pushed a commit that referenced this pull request Jul 22, 2024
Prior to the crash there is an out of memory error
in X509_verify_cert which makes the chain NULL or
empty.  The error is ignored by ssl_add_cert_chain,
and ssl_security_cert_chain crashes due to the
unchecked null pointer.

This is reproducible with my error injection patch.

The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.

$ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8
    #0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
    #1 0x403ba4 in my_malloc fuzz/test-corpus.c:114
    quictls#2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230
    quictls#3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180
    quictls#4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242
    quictls#5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99
    quictls#6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286
    quictls#7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959
    quictls#8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
    quictls#9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
    quictls#10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
    quictls#11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
    quictls#12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
    quictls#13 0x403202 in FuzzerTestOneInput fuzz/server.c:740
    quictls#14 0x40371b in testfile fuzz/test-corpus.c:182
    quictls#15 0x402856 in main fuzz/test-corpus.c:226
    quictls#16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    quictls#17 0x402936  (/home/ed/OPC/openssl/fuzz/server-test+0x402936)

AddressSanitizer:DEADLYSIGNAL
=================================================================
==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0)
==8400==The signal is caused by a READ memory access.
==8400==Hint: address points to the zero page.
    #0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386
    #1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84
    quictls#2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921
    quictls#3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518
    quictls#4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542
    quictls#5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562
    quictls#6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963
    quictls#7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
    quictls#8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
    quictls#9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
    quictls#10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
    quictls#11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
    quictls#12 0x403202 in FuzzerTestOneInput fuzz/server.c:740
    quictls#13 0x40371b in testfile fuzz/test-corpus.c:182
    quictls#14 0x402856 in main fuzz/test-corpus.c:226
    quictls#15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    quictls#16 0x402936  (/home/ed/OPC/openssl/fuzz/server-test+0x402936)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions
==8400==ABORTING

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from openssl#18376)

(cherry picked from commit dc0ef29)
omisas-magaya pushed a commit that referenced this pull request Jul 22, 2024
This can be reproduced with my error injection patch.

The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.

$ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
ERROR_INJECT=1653520461
    #0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
    #1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
    quictls#2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
    quictls#3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
    quictls#4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
    quictls#5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
    quictls#6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
    quictls#7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
    quictls#8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    quictls#9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    quictls#10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
    quictls#11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
    quictls#12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    quictls#13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    quictls#14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
    quictls#15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    quictls#16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    quictls#17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    quictls#18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
    quictls#19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    quictls#20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
    quictls#21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
    quictls#22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
    openssl#23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
    quictls#24 0x402bbb in testfile fuzz/test-corpus.c:182
    quictls#25 0x402626 in main fuzz/test-corpus.c:226
    quictls#26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    quictls#27 0x402706  (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)

=================================================================
==29625==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
    quictls#2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
    quictls#3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
    quictls#4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
    quictls#5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    quictls#6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
    quictls#7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
    quictls#8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
    quictls#9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
    quictls#10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
    quictls#11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
    quictls#12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
    quictls#13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    quictls#14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    quictls#15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
    quictls#16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
    quictls#17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    quictls#18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    quictls#19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
    quictls#20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    quictls#21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    quictls#22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    openssl#23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
    quictls#24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    quictls#25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
    quictls#26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
    quictls#27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
    quictls#28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
    quictls#29 0x402bbb in testfile fuzz/test-corpus.c:182
    quictls#30 0x402626 in main fuzz/test-corpus.c:226
    openssl#31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#18391)

(cherry picked from commit e9007e0)
omisas-magaya pushed a commit that referenced this pull request Jul 22, 2024
This can be reproduced with my error injection patch.

The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.

$ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2
    #0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
    #1 0x402f84 in my_malloc fuzz/test-corpus.c:114
    quictls#2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
    quictls#3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
    quictls#4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
    quictls#5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
    quictls#6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503
    quictls#7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559
    quictls#8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814
    quictls#9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
    quictls#10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
    quictls#11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
    quictls#12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
    quictls#13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
    quictls#14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
    quictls#15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
    quictls#16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
    quictls#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    quictls#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    quictls#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    quictls#20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    quictls#21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    quictls#22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    openssl#23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
    quictls#24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
    quictls#25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
    quictls#26 0x402afb in testfile fuzz/test-corpus.c:182
    quictls#27 0x402656 in main fuzz/test-corpus.c:226
    quictls#28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    quictls#29 0x402756  (/home/ed/OPC/openssl/fuzz/x509-test+0x402756)

=================================================================
==12221==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
    quictls#2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246
    quictls#3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440
    quictls#4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
    quictls#5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
    quictls#6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
    quictls#7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
    quictls#8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
    quictls#9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
    quictls#10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
    quictls#11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
    quictls#12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
    quictls#13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    quictls#14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    quictls#15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    quictls#16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    quictls#17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    quictls#18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    quictls#19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
    quictls#20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
    quictls#21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
    quictls#22 0x402afb in testfile fuzz/test-corpus.c:182
    openssl#23 0x402656 in main fuzz/test-corpus.c:226
    quictls#24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

Indirect leak of 56 byte(s) in 1 object(s) allocated from:
    #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
    quictls#2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
    quictls#3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
    quictls#4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
    quictls#5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
    quictls#6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
    quictls#7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
    quictls#8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
    quictls#9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
    quictls#10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
    quictls#11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
    quictls#12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
    quictls#13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
    quictls#14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    quictls#15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    quictls#16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    quictls#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    quictls#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    quictls#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    quictls#20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
    quictls#21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
    quictls#22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
    openssl#23 0x402afb in testfile fuzz/test-corpus.c:182
    quictls#24 0x402656 in main fuzz/test-corpus.c:226
    quictls#25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from openssl#18633)

(cherry picked from commit be50862)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants