[MacRuby-devel] [MacRuby] #811: Bus error encrypting/decrypting with OpenSSL

Mon Jul 26 16:04:14 PDT 2010

#811: Bus error encrypting/decrypting with OpenSSL
-------------------------------+--------------------------------------------
 Reporter:  pwilson@…          |        Owner:  lsansonetti@…        
     Type:  defect             |       Status:  closed               
 Priority:  blocker            |    Milestone:  MacRuby 0.7          
Component:  MacRuby            |   Resolution:  fixed                
 Keywords:                     |  
-------------------------------+--------------------------------------------
Changes (by martinlagardette@…):

  * status:  new => closed
  * resolution:  => fixed

Old description:

> I've verified that Trac 809 fixes an OpenSSL bug I ran into, but I'm
> running into additional failures later in the process of doing
> encryption/decryption operations.  I'm attaching a test file that first
> encrypts some data with an RSA key and then decrypts it.
>
> On encryption, the script bus errors with this stack trace:
>
> {{{
> Program received signal EXC_BAD_ACCESS, Could not access memory.
> Reason: KERN_PROTECTION_FAILURE at address: 0x0000000100972cd8
> 0x00007fff84444289 in BN_bn2bin ()
> (gdb) bt
> #0  0x00007fff84444289 in BN_bn2bin ()
> #1  0x00007fff844b0634 in RSA_eay_public_encrypt ()
> #2  0x00007fff844c4c6b in RSA_public_encrypt ()
> #3  0x0000000103d1ad79 in ossl_rsa_public_encrypt ()
> #4  0x00000001001408e9 in rb_vm_dispatch ()
> #5  0x0000000103a00d50 in ?? ()
> #6  0x0000000103a03d1c in ?? ()
> #7  0x0000000100140805 in rb_vm_dispatch ()
> #8  0x0000000103a00d50 in ?? ()
> #9  0x0000000103a00346 in ?? ()
> #10 0x000000010014d5b8 in rb_vm_run ()
> #11 0x0000000100040530 in ruby_run_node ()
> #12 0x0000000100000d28 in main ()
> }}}
>
> If I encrypt the data using Ruby 1.9.2, save it to a file, and then use
> MacRuby to decrypt it, I get this stack trace:
>
> {{{
> Program received signal EXC_BAD_ACCESS, Could not access memory.
> Reason: KERN_PROTECTION_FAILURE at address: 0x0000000100972cd8
> 0x00007fffffe007c5 in __memcpy ()
> (gdb) bt
> #0  0x00007fffffe007c5 in __memcpy ()
> #1  0x00007fff8449e138 in RSA_padding_check_PKCS1_type_2 ()
> #2  0x00007fff844b127e in RSA_eay_private_decrypt ()
> #3  0x00007fff844c4c8b in RSA_private_decrypt ()
> #4  0x0000000103c1a8a8 in ossl_rsa_private_decrypt ()
> #5  0x00000001001408e9 in rb_vm_dispatch ()
> #6  0x0000000103a00be0 in ?? ()
> #7  0x0000000103a0aa8d in ?? ()
> #8  0x000000010014082b in rb_vm_dispatch ()
> #9  0x0000000103a00be0 in ?? ()
> #10 0x0000000103a0a344 in ?? ()
> #11 0x0000000100140846 in rb_vm_dispatch ()
> #12 0x0000000103a00be0 in ?? ()
> #13 0x0000000103a0023e in ?? ()
> #14 0x000000010014d5b8 in rb_vm_run ()
> #15 0x0000000100040530 in ruby_run_node ()
> #16 0x0000000100000d28 in main ()
> }}}
>
> Looking at the source code, I assume it is pretty much the same issue as
> fixed in Trac 809 (revision 4373) for the Cipher code. Ie...
>
> {{{
> -       str = rb_str_new(0, out_len);
> +       str = rb_bstr_new();
> +       rb_bstr_resize(str, out_len);
> }}}

New description:

 I've verified that Trac #809 fixes an OpenSSL bug I ran into, but I'm
 running into additional failures later in the process of doing
 encryption/decryption operations.  I'm attaching a test file that first
 encrypts some data with an RSA key and then decrypts it.

 On encryption, the script bus errors with this stack trace:

 {{{
 Program received signal EXC_BAD_ACCESS, Could not access memory.
 Reason: KERN_PROTECTION_FAILURE at address: 0x0000000100972cd8
 0x00007fff84444289 in BN_bn2bin ()
 (gdb) bt
 #0  0x00007fff84444289 in BN_bn2bin ()
 #1  0x00007fff844b0634 in RSA_eay_public_encrypt ()
 #2  0x00007fff844c4c6b in RSA_public_encrypt ()
 #3  0x0000000103d1ad79 in ossl_rsa_public_encrypt ()
 #4  0x00000001001408e9 in rb_vm_dispatch ()
 #5  0x0000000103a00d50 in ?? ()
 #6  0x0000000103a03d1c in ?? ()
 #7  0x0000000100140805 in rb_vm_dispatch ()
 #8  0x0000000103a00d50 in ?? ()
 #9  0x0000000103a00346 in ?? ()
 #10 0x000000010014d5b8 in rb_vm_run ()
 #11 0x0000000100040530 in ruby_run_node ()
 #12 0x0000000100000d28 in main ()
 }}}

 If I encrypt the data using Ruby 1.9.2, save it to a file, and then use
 MacRuby to decrypt it, I get this stack trace:

 {{{
 Program received signal EXC_BAD_ACCESS, Could not access memory.
 Reason: KERN_PROTECTION_FAILURE at address: 0x0000000100972cd8
 0x00007fffffe007c5 in __memcpy ()
 (gdb) bt
 #0  0x00007fffffe007c5 in __memcpy ()
 #1  0x00007fff8449e138 in RSA_padding_check_PKCS1_type_2 ()
 #2  0x00007fff844b127e in RSA_eay_private_decrypt ()
 #3  0x00007fff844c4c8b in RSA_private_decrypt ()
 #4  0x0000000103c1a8a8 in ossl_rsa_private_decrypt ()
 #5  0x00000001001408e9 in rb_vm_dispatch ()
 #6  0x0000000103a00be0 in ?? ()
 #7  0x0000000103a0aa8d in ?? ()
 #8  0x000000010014082b in rb_vm_dispatch ()
 #9  0x0000000103a00be0 in ?? ()
 #10 0x0000000103a0a344 in ?? ()
 #11 0x0000000100140846 in rb_vm_dispatch ()
 #12 0x0000000103a00be0 in ?? ()
 #13 0x0000000103a0023e in ?? ()
 #14 0x000000010014d5b8 in rb_vm_run ()
 #15 0x0000000100040530 in ruby_run_node ()
 #16 0x0000000100000d28 in main ()
 }}}

 Looking at the source code, I assume it is pretty much the same issue as
 fixed in Trac #809 (r4373) for the Cipher code. Ie...

 {{{
 #!diff
 -       str = rb_str_new(0, out_len);
 +       str = rb_bstr_new();
 +       rb_bstr_resize(str, out_len);
 }}}

--

Comment:

 Should be fixed with r4384 :

 {{{
 $> macruby /tmp/failure.rb
 The quick brown fox jumped over the lazy fox.
 $>
 }}}

-- 
Ticket URL: <http://www.macruby.org/trac/ticket/811#comment:1>
MacRuby <http://macruby.org/>