Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
mcrypt problems / signal 11 / buffer overflow
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
TomasV
n00b
n00b


Joined: 05 Oct 2009
Posts: 10

PostPosted: Thu Jun 17, 2010 9:10 pm    Post subject: mcrypt problems / signal 11 / buffer overflow Reply with quote

Hi everyone,

I needed to encrypt some files and I planned to use mcrypt, but I've run into some strange troubles with buffer overflows and segmentation faults :-(

With mcrypt-2.6.7 I get this

Code:
# mcrypt myfile.txt
Enter the passphrase (maximum of 512 characters)                                 
Please use a combination of upper and lower case letters and numbers.             
Enter passphrase:
Enter passphrase:

*** buffer overflow detected ***: mcrypt terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x48)[0xb7640db8]
/lib/libc.so.6[0xb763ee00]
mcrypt[0x805279d]
======= Memory map: ========
08048000-0805a000 r-xp 00000000 08:43 7239820    /usr/bin/mcrypt
0805a000-0805b000 r--p 00011000 08:43 7239820    /usr/bin/mcrypt
0805b000-0805c000 rw-p 00012000 08:43 7239820    /usr/bin/mcrypt
0805c000-08083000 rw-p 00000000 00:00 0
085d0000-085f1000 rw-p 00000000 00:00 0          [heap]
b72d9000-b734d000 rw-p 00000000 00:00 0
b738b000-b7397000 r-xp 00000000 08:43 4861387    /usr/lib/gcc/i686-pc-linux-gnu/4.3.4/libgcc_s.so.1
b7397000-b7398000 r--p 0000b000 08:43 4861387    /usr/lib/gcc/i686-pc-linux-gnu/4.3.4/libgcc_s.so.1
b7398000-b7399000 rw-p 0000c000 08:43 4861387    /usr/lib/gcc/i686-pc-linux-gnu/4.3.4/libgcc_s.so.1
b73c1000-b73cb000 r-xp 00000000 08:43 6477056    /lib/libnss_files-2.10.1.so
b73cb000-b73cc000 r--p 00009000 08:43 6477056    /lib/libnss_files-2.10.1.so
b73cc000-b73cd000 rw-p 0000a000 08:43 6477056    /lib/libnss_files-2.10.1.so
b73cd000-b73d6000 r-xp 00000000 08:43 6477055    /lib/libnss_nis-2.10.1.so
b73d6000-b73d7000 r--p 00008000 08:43 6477055    /lib/libnss_nis-2.10.1.so
b73d7000-b73d8000 rw-p 00009000 08:43 6477055    /lib/libnss_nis-2.10.1.so
b73d8000-b73eb000 r-xp 00000000 08:43 6477065    /lib/libnsl-2.10.1.so
b73eb000-b73ec000 r--p 00012000 08:43 6477065    /lib/libnsl-2.10.1.so
b73ec000-b73ed000 rw-p 00013000 08:43 6477065    /lib/libnsl-2.10.1.so
b73ed000-b73ef000 rw-p 00000000 00:00 0
b73ef000-b73f5000 r-xp 00000000 08:43 6477087    /lib/libnss_compat-2.10.1.so
b73f5000-b73f6000 r--p 00006000 08:43 6477087    /lib/libnss_compat-2.10.1.so
b73f6000-b73f7000 rw-p 00007000 08:43 6477087    /lib/libnss_compat-2.10.1.so
b73f7000-b7559000 r--p 00000000 08:43 3587265    /usr/lib/locale/locale-archive
b7559000-b755a000 rw-p 00000000 00:00 0
b755a000-b769c000 r-xp 00000000 08:43 6475863    /lib/libc-2.10.1.so
b769c000-b769e000 r--p 00142000 08:43 6475863    /lib/libc-2.10.1.so
b769e000-b769f000 rw-p 00144000 08:43 6475863    /lib/libc-2.10.1.so
b769f000-b76a2000 rw-p 00000000 00:00 0
b76a2000-b76c7000 r-xp 00000000 08:43 8115783    /usr/lib/libmcrypt.so.4.4.8
b76c7000-b76c8000 r--p 00024000 08:43 8115783    /usr/lib/libmcrypt.so.4.4.8
b76c8000-b76ca000 rw-p 00025000 08:43 8115783    /usr/lib/libmcrypt.so.4.4.8
b76ca000-b76cf000 rw-p 00000000 00:00 0
b76cf000-b7712000 r-xp 00000000 08:43 793561     /usr/lib/libmhash.so.2.0.1
b7712000-b7713000 r--p 00042000 08:43 793561     /usr/lib/libmhash.so.2.0.1
b7713000-b7714000 rw-p 00043000 08:43 793561     /usr/lib/libmhash.so.2.0.1
b7714000-b7725000 r-xp 00000000 08:43 29553      /lib/libz.so.1.2.3
b7725000-b7726000 r--p 00010000 08:43 29553      /lib/libz.so.1.2.3
b7726000-b7727000 rw-p 00011000 08:43 29553      /lib/libz.so.1.2.3
b7727000-b7728000 rw-p 00000000 00:00 0
b7750000-b776c000 r-xp 00000000 08:43 6477080    /lib/ld-2.10.1.so
b776c000-b776d000 r--p 0001c000 08:43 6477080    /lib/ld-2.10.1.so
b776d000-b776e000 rw-p 0001d000 08:43 6477080    /lib/ld-2.10.1.so
bff2c000-bff34000 rw-p 00000000 00:00 0          [stack]
ffffe000-fffff000 r-xp 00000000 00:00 0          [vdso]
Neúspěšně ukončen (SIGABRT)


and with mcrypt-2.6.8 (unmasked) I get this

Code:
# mcrypt myfile.txt
Enter the passphrase (maximum of 512 characters)
Please use a combination of upper and lower case letters and numbers.
Enter passphrase:
Enter passphrase:


In both cases the libmcrypt version is 2.5.8-r1.

Is there something wrong with mcrypt or with the whole system? I've visited the http://mcrypt.sourceforge.net site but it seems rather inactive and I've found no clue there.
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 15977

PostPosted: Fri Jun 18, 2010 3:10 am    Post subject: Reply with quote

Based on that output, version 2.6.7 had a buffer overflow bug that was successfully trapped by security features in glibc. The output you posted for 2.6.8 appears to be fine. Did you mean that it never finishes?

Do you specifically need mcrypt for this task? It is much more common to use gpg from app-crypt/gnupg.
Back to top
View user's profile Send private message
TomasV
n00b
n00b


Joined: 05 Oct 2009
Posts: 10

PostPosted: Fri Jun 18, 2010 12:11 pm    Post subject: Reply with quote

Hu wrote:
Based on that output, version 2.6.7 had a buffer overflow bug that was successfully trapped by security features in glibc. The output you posted for 2.6.8 appears to be fine. Did you mean that it never finishes?


Aaaaah, I haven't posted the complete 2.6.8 output! The last line saying the command was terminated with signal 11 (which is a segfault). So it fails just like the 2.6.7.

Hu wrote:
Do you specifically need mcrypt for this task? It is much more common to use gpg from app-crypt/gnupg.


Well, I've been using mcrypt library some time ago (in PHP), so it was a natural choice. But I have no problem selecting a different solution (for now I've used ccrypt but I'll look into the gnupg - not sure why I haven't used it in the first place).
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum