
Undefined Behavior Sanitizer "errors" #5476

Open
claudioandre-br opened this issue May 13, 2024 · 6 comments

Comments

@claudioandre-br (Member)

clang version 18.0.0 (https://github.com/llvm/llvm-project.git d50b56d18c96e0ce462d7236eb268c54098cbaf9)
Target CPU ......................................... x86_64 AVX2, 64-bit LE
AES-NI support ..................................... depends on OpenSSL
Target OS .......................................... linux-gnu

Optional libraries/features found:
[...]
OpenMP support ..................................... no
OpenCL support ..................................... no
[...]
Experimental code (default disabled) ............... no
ZTEX USB-FPGA module 1.15y support ................. no

Development options (these may hurt performance when enabled):
AddressSanitizer ("ASan") .......................... disabled
UndefinedBehaviorSanitizer ("UbSan") ............... enabled
Fuzzing test ....................................... no
Testing: andOTP [SHA256 32/64]... aes_gcm_plug.c:168:8: runtime error: applying zero offset to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior aes_gcm_plug.c:168:8 in 
Testing: RACF-KDFAES [KDFAES (DES + HMAC-SHA256/64 + AES-256)]...
racf_kdfaes_fmt_plug.c:372:23: runtime error: left shift of 238 by 24 places cannot be represented in type 'int'
Testing: ZIP, WinZip [PBKDF2-SHA1 256/256 AVX2 8x2]...
zip_fmt_plug.c:144:27: runtime error: index 64 out of bounds for type 'unsigned char[60]'
@solardiz (Member)

> Testing: andOTP [SHA256 32/64]... aes_gcm_plug.c:168:8: runtime error: applying zero offset to null pointer
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior aes_gcm_plug.c:168:8 in

Per my review, this isn't even the only place where we end up doing NULL+0 in that file.

The code looks like it's from the hostap project, which Dhiru imported (with changes) in 2018. It looks like it wasn't the latest version even back then, missing some upstream changes from 2012. However, those changes don't appear to have fixed these NULL+0 issues, so I guess even upstream hostap still has those.

We might want to sync with upstream. As to NULL+0, one workaround may be to pass "" (empty string) down to functions in place of NULL pointers, which along with a length of 0 shouldn't matter anyway.
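The NULL+0 pattern and the "" workaround, as an added example that is not the project's aes_gcm_plug.c or hostap code. The block accumulator here is a constructed stand-in for a GHASH-style routine (it only XORs 16-byte blocks), and the sample AAD bytes are constructed; the function names are assumed. What it shows is that computing a tail pointer from a NULL base is undefined in C even when the length is zero and nothing is read through it, which is what clang's -fsanitize=pointer-overflow reports, and that normalizing NULL to "" at the entry point removes the arithmetic on NULL without changing results.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy block accumulator standing in for a GHASH-style routine: XORs the
 * input into a 16-byte state one block at a time and zero-pads the last
 * partial block. Constructed for this example; not the project's
 * aes_gcm_plug.c. */
static void xor_blocks(uint8_t state[16], const uint8_t *in, size_t len)
{
    size_t full = len / 16, rem = len % 16, i, j;
    /* Computed unconditionally, the way a tail pointer typically is.
     * If in were NULL this would be NULL + 0: undefined in C even though
     * nothing is ever read through it, and exactly what clang's
     * -fsanitize=pointer-overflow reports as "applying zero offset to
     * null pointer". accumulate_aad() below guarantees in != NULL. */
    const uint8_t *tail = in + full * 16;

    for (i = 0; i < full; i++)
        for (j = 0; j < 16; j++)
            state[j] ^= in[i * 16 + j];

    if (rem) {
        uint8_t tmp[16] = {0};
        memcpy(tmp, tail, rem);
        for (j = 0; j < 16; j++)
            state[j] ^= tmp[j];
    }
}

/* Entry point mirroring an AEAD call where aad may legitimately be NULL
 * with aad_len == 0. The thread's suggested workaround: substitute ""
 * (a real zero-length object with a valid address) before any pointer
 * arithmetic. Zero bytes are read either way, so results are unchanged. */
int accumulate_aad(uint8_t state[16], const uint8_t *aad, size_t aad_len)
{
    if (aad == NULL && aad_len != 0)
        return -1;                      /* genuinely invalid call */
    if (aad == NULL)
        aad = (const uint8_t *)"";      /* assumed workaround, per thread */
    xor_blocks(state, aad, aad_len);
    return 0;
}

/* Constructed sample input: bytes 1..20, one full block plus a 4-byte tail. */
static const uint8_t kSampleAad[20] = {
     1,  2,  3,  4,  5,  6,  7,  8,  9, 10,
    11, 12, 13, 14, 15, 16, 17, 18, 19, 20
};

/* Exercises the NULL/0 path, the invalid NULL/nonzero path and a real
 * input. Returns 0 on success, or the number of the first failed check. */
int aad_selftest(void)
{
    uint8_t st[16] = {0};
    size_t j;

    if (accumulate_aad(st, NULL, 0) != 0) return 1;     /* NULL, 0 is fine */
    for (j = 0; j < 16; j++)
        if (st[j] != 0) return 2;                       /* state untouched */
    if (accumulate_aad(st, NULL, 5) != -1) return 3;    /* NULL, 5 is not */

    if (accumulate_aad(st, kSampleAad, sizeof kSampleAad) != 0) return 4;
    /* Tail bytes 17..20 XOR into positions 0..3: 1^17, 2^18, 3^19, 4^20 == 16. */
    for (j = 0; j < 4; j++)
        if (st[j] != 16) return 5;
    for (j = 4; j < 16; j++)
        if (st[j] != (uint8_t)(j + 1)) return 6;
    return 0;
}

int main(void)
{
    printf("aad selftest: %d\n", aad_selftest());
    return 0;
}
```

Build with `clang -g -fsanitize=undefined -fno-sanitize-recover=all` and drop the NULL substitution in accumulate_aad() to see the same "applying zero offset to null pointer" diagnostic on the tail-pointer line; with the substitution in place the run is clean.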

@solardiz (Member)

> Testing: RACF-KDFAES [KDFAES (DES + HMAC-SHA256/64 + AES-256)]...
> racf_kdfaes_fmt_plug.c:372:23: runtime error: left shift of 238 by 24 places cannot be represented in type 'int'

This looks easy to fix, so I will.

> Testing: ZIP, WinZip [PBKDF2-SHA1 256/256 AVX2 8x2]...
> zip_fmt_plug.c:144:27: runtime error: index 64 out of bounds for type 'unsigned char[60]'

This looks like a real bug, but it's not obvious to me what fix is right. @magnumripper you seem to have introduced this in 4320dbe so perhaps it's yours to look into?
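The shift report above comes from a common C pattern, shown here as an added example that is not the project's racf_kdfaes_fmt_plug.c or its fix: an unsigned char is promoted to int before `<< 24`, so any byte value of 0x80 or more (238 in the report) overflows a 32-bit int. The corrected form widens to an unsigned type first; the 16-bit variant reflects the commit message's remark that the mask is 16-bit, where only two bytes need assembling. Function names and sample bytes are assumed.

```c
#include <stdint.h>
#include <stdio.h>

/* Pattern behind the report: each unsigned char is promoted to int before
 * the shift, so b[0] << 24 overflows a 32-bit int whenever b[0] >= 0x80
 * (238 << 24 is the thread's instance). Kept only for comparison; it is
 * only well-defined for b[0] < 0x80. */
static uint32_t load_be32_promoted(const unsigned char b[4])
{
    return (b[0] << 24) | (b[1] << 16) | (b[2] << 8) | b[3];
}

/* Corrected form: widen each byte to an unsigned type before shifting.
 * Defined for every byte value and yields the same bits as above where
 * the above was defined at all. */
static uint32_t load_be32(const unsigned char b[4])
{
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
           ((uint32_t)b[2] << 8)  |  (uint32_t)b[3];
}

/* When only a 16-bit quantity is needed, assemble two bytes: 0xFF << 8
 * fits in int, so the shift count that triggered UBSan never occurs. */
static uint16_t load_be16(const unsigned char b[2])
{
    return (uint16_t)(((uint32_t)b[0] << 8) | b[1]);
}

/* Constructed sample bytes: one value with the top bit clear, one with
 * 238 (0xEE) in the leading byte as in the report. */
static const unsigned char kLo[4] = { 0x12, 0x34, 0x56, 0x78 };
static const unsigned char kHi[4] = { 0xEE, 0x01, 0x02, 0x03 };

int main(void)
{
    printf("%08x %08x %04x\n", load_be32(kLo), load_be32(kHi), load_be16(kHi));
    return 0;
}
```

Under `clang -fsanitize=undefined` the promoted form produces the thread's diagnostic when called with kHi; load_be32() and load_be16() run clean on both inputs. Reviewing for this is mechanical: any `<<` whose left operand is a char or short type with a shift count of 24 or more is a candidate.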

solardiz added a commit to solardiz/john that referenced this issue May 17, 2024
The mask is 16-bit anyway, and the previous code triggered clang UbSan:

racf_kdfaes_fmt_plug.c:372:23: runtime error: left shift of 238 by 24 places cannot be represented in type 'int'

See openwall#5476
solardiz added a commit that referenced this issue May 17, 2024
The mask is 16-bit anyway, and the previous code triggered clang UbSan:

racf_kdfaes_fmt_plug.c:372:23: runtime error: left shift of 238 by 24 places cannot be represented in type 'int'

See #5476
@solardiz (Member)

> zip_fmt_plug.c:144:27: runtime error: index 64 out of bounds for type 'unsigned char[60]'

I'm puzzled as to why this is only detected by UbSan, but not ASan. Any ideas?
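One explanation for the UBSan-only detection, as an added example that is not the project's zip_fmt_plug.c and uses a constructed struct layout rather than the real one: when a fixed-size array sits inside a larger struct, index 64 into `unsigned char[60]` can still land inside the same object. ASan only places redzones around whole allocations, so an intra-object overflow passes its check, while UBSan's -fsanitize=bounds (enabled by -fsanitize=undefined) compares the index against the declared array type and reports it. The parser below is a constructed length-prefixed format, shown unchecked and hardened; names and inputs are assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout, not the project's real struct: a fixed 60-byte array
 * with other fields behind it, so an out-of-range index into data[] can
 * still land inside the same 72-byte object. */
struct record {
    unsigned char data[60];
    uint32_t      tag;
    unsigned char trailer[8];
};

/* Returns 1 if data[idx] would still lie inside the enclosing struct.
 * ASan only guards the edges of the whole allocation (its redzones), so
 * such an intra-object access is invisible to it; UBSan's -fsanitize=bounds
 * checks idx against the declared type unsigned char[60] and reports it. */
int in_same_object(size_t idx)
{
    return offsetof(struct record, data) + idx < sizeof(struct record);
}

/* Constructed input format: one length byte followed by that many data
 * bytes. The length byte is attacker-controlled. */

/* Hazard pattern: the length byte is trusted against the input size only.
 * With in[0] == 64 this writes data[60..63], i.e. over tag, without ever
 * leaving the struct. Shown for contrast; the self-test never feeds it an
 * oversized length. */
int parse_unchecked(struct record *r, const unsigned char *in, size_t in_len)
{
    size_t n;
    if (in_len < 1)
        return -1;
    n = in[0];
    if (in_len - 1 < n)
        return -1;
    memcpy(r->data, in + 1, n);
    return (int)n;
}

/* Hardened form: the length must also fit the fixed-size destination. */
int parse_checked(struct record *r, const unsigned char *in, size_t in_len)
{
    size_t n;
    if (in_len < 1)
        return -1;
    n = in[0];
    if (in_len - 1 < n || n > sizeof r->data)
        return -1;
    memcpy(r->data, in + 1, n);
    return (int)n;
}

/* Constructed inputs: a 4-byte payload and a claimed 64-byte payload. */
static const unsigned char kGood[5] = { 4, 0xAA, 0xBB, 0xCC, 0xDD };
static const unsigned char kOversized[65] = { 64 };   /* rest zero */

/* Returns 0 on success, or the number of the first failed check. */
int bounds_selftest(void)
{
    struct record r;
    memset(&r, 0, sizeof r);
    r.tag = 0x11223344u;
    if (sizeof(struct record) != 72) return 1;
    if (!in_same_object(64) || in_same_object(72)) return 2;
    if (parse_checked(&r, kGood, sizeof kGood) != 4) return 3;
    if (r.data[0] != 0xAA || r.data[3] != 0xDD) return 4;
    if (parse_unchecked(&r, kGood, sizeof kGood) != 4) return 5;
    if (parse_checked(&r, kOversized, sizeof kOversized) != -1) return 6;
    if (r.tag != 0x11223344u) return 7;     /* neighbouring field intact */
    return 0;
}

int main(void)
{
    printf("bounds selftest: %d\n", bounds_selftest());
    return 0;
}
```

Building with `clang -g -fsanitize=address,undefined -fno-sanitize-recover=all` and calling parse_unchecked() with kOversized shows the asymmetry: UBSan stops at the first write past data[59], ASan alone stays silent because every byte written is still inside the struct. If the real zip_fmt_plug.c array is a struct member or followed by other locals, the same mechanism would explain the report.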

@claudioandre-br (Member, Author)

No. The interesting thing is that the error message is very clear and direct!

So I tried to debug it myself, but I couldn't [1].

[1] It's a non-OpenMP build, maybe I mixed things up when I tried it.

@solardiz (Member)

> Testing: andOTP [SHA256 32/64]... aes_gcm_plug.c:168:8: runtime error: applying zero offset to null pointer
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior aes_gcm_plug.c:168:8 in
> Testing: RACF-KDFAES [KDFAES (DES + HMAC-SHA256/64 + AES-256)]...
> racf_kdfaes_fmt_plug.c:372:23: runtime error: left shift of 238 by 24 places cannot be represented in type 'int'

@claudioandre-br Please try re-enabling these tests in whatever setup you had detected the errors. These two should be fine now. Thank you!

@claudioandre-br (Member, Author)

They are already enabled. This is the log obtained this Monday.

echo '------------------------- UBSAN fuzzing --------------------------'

../run/john --test=0
Testing: descrypt, traditional crypt(3) [DES 256/256 AVX2]... PASS
[...]
Testing: andOTP [SHA256 32/64]... PASS
[...]
Testing: RACF [DES 32/64]... PASS
Testing: RACF-KDFAES [KDFAES (DES + HMAC-SHA256/64 + AES-256)]... PASS
Testing: radius, RADIUS authentication [MD5 32/64]... PASS
[...]
Testing: crypt, generic crypt(3) [?/64]... PASS
All 423 formats passed self-tests
