Backport 2.7: Add tests for buffer corruption after PEM write #3945
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
paul-elliott-arm
force-pushed
the
fix_pem_write_2_7
branch
from
ffdc702 to
1db4d5a
Compare
paul-elliott-arm
changed the title
2 tasks
gilles-peskine-arm
previously approved these changes
Dec 7, 2020
gilles-peskine-arm
added
component-crypto
paul-elliott-arm
force-pushed
the
fix_pem_write_2_7
branch
from
1db4d5a to
9291853
Compare
Zero remaining bytes in buffer after writing PEM data and add checks to ensure that this is the case. Signed-off-by: Paul Elliott <[email protected]>
paul-elliott-arm
force-pushed
the
fix_pem_write_2_7
branch
from
9291853 to
102bac7
Compare
gabor-mezei-arm
approved these changes
Dec 8, 2020
gilles-peskine-arm
approved these changes
Dec 8, 2020
There was a problem hiding this comment.
There are cosmetic differences with the 2.16 backport in the tests. In general it's better to avoid those, because they make backporting further patches more difficult, but we're unlikely to patch these tests any more until 2.7 goes out of support, so never mind.
gilles-peskine-arm
added
needs-ci
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
In order to remove some big (4k) buffers from being created on the stack, the output buffer was re-used - in this case the raw der data is written to the buffer prior to being base64 encoded into an allocated buffer, and then overwritten with the pem data. However, even though the pem data is zero terminated, usually der data will remain in the buffer after the terminator.
Should this buffer get passed into mbedtls_x509_crt_parse() then it will likely fail to parse, as it decides whether or not a buffer is pem by checking the last byte of the buffer for being zero - if it isn't zero, it will attempt to parse as der, which will obviously fail.
Please note that although this bug does not affect this branch, I wanted to add the tests anyway, to ensure this regression did not happen again. In order to get these tests to pass I would have had to add a memset to clear the buffers before two of the tests, so it seemed more clean just to backport the fix as well (i.e. zero the buffer after pem write)
This is a backport of #3898
Status
READY
Steps to test or reproduce
See #3682