Overlong message chunk in secret stream push causes "double free or corruption" VM crash #81
Comments
|
I'd be up for adding some additional checks similar to #66 but I wonder if there might be a more terse way of doing it. Maybe calls like public void assertArrayBounds(byte[] array, int len) {
if(len < 0) throw new IllegalArgumentException("Out of bounds: Negative length");
if(len > array.length) throw new IllegalArgumentException("Out of bounds: Length greater than array length");
}It might also make sense to switch some of the Checker stuff over to throw rather than validate, but I haven't looked closely at how that's currently used. |
|
This looks to be an awesome suggestion! Libsodium does do checks... sometimes... but it can't do everything 😀 Writing C libraries is a difficult endeavour. Porting those C libs to use in another language is even more difficult! I suppose what I'm trying (and failing) to say is that Lazysodium's job is to make up for Libsodium's downsides 🙂 If you could write some functionality in just as you suggested then I can merge it in. Feel free to decline and I'll add it to my to-do list 🙂 |
|
OK, I'll see if I can work up a PR! |
|
Before I go too far down this road, does this kind of change look like something you'd be happy with? timmc/lazysodium-java@test-fast-random...more-bounds-checks |
|
Yes that's perfect 👍 |
This comes out of issue terl#81 in which a call to `cryptoSecretStreamPush` with an incorrectly sized array lead to a VM crash. - Add array checkers to BaseChecker and use in LazySodium - Simplify some existing checks by moving the `throw` into the check method; add reporting of which variable failed a check - Add checkers for SecretStream - Split PwHash.Checker.checkAll into individual check calls to reduce chance of positional argument errors
This is not comprehensive coverage, but should take care of a number of unguarded calls. It comes out of issue terl#81 in which a call to `cryptoSecretStreamPush` with an incorrectly sized array lead to a VM crash. - Add array checkers to BaseChecker - Simplify some existing checks by moving the `throw` into the check method; add reporting of which variable failed a check - Add checkers for SecretStream - Split PwHash.Checker.checkAll into individual check calls to reduce chance of positional argument errors
This is not comprehensive coverage, but should take care of a number of unguarded calls. It comes out of issue terl#81 in which a call to `cryptoSecretStreamPush` with an incorrectly sized array lead to a VM crash. - Add array checkers to BaseChecker - Simplify some existing checks by moving the `throw` into the check method; add reporting of which variable failed a check - Add checkers for SecretStream - Split PwHash.Checker.checkAll into individual check calls to reduce chance of positional argument errors
|
I created a PR to add checks: #95 However, it's failing on what I think is an existing incorrect test or implementation -- could you check it out? |
I was getting VM crashes after some code changes where I messed up buffer sizes, and I've narrowed it down to this simplified repro case (in Kotlin):
It could probably be simplified more, but it looks like
cryptoSecretStreamPushdoesn't check byte array sizes before calling libsodium, and libsodium doesn't check either. I think what's going on is that if the message array is too large, libsodium ends up writing past the end of the cipher array and causing memory corruption. I suppose this is similar to issue #64.The text was updated successfully, but these errors were encountered: