Date: Tue, 7 Oct 1997 15:35:30 -0500 (CDT) From: karl@mcs.net To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: misc/4722: Serious bug in the libdes library (under secure) Message-ID: <199710072035.PAA15733@Codebase.mcs.net> Resent-Message-ID: <199710072040.NAA21458@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 4722 >Category: misc >Synopsis: enc_writ.c has a missing "static" declaration >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Oct 7 13:40:00 PDT 1997 >Last-Modified: >Originator: Karl Denninger >Organization: MCSNet >Release: FreeBSD 3.0-CURRENT i386 >Environment: All 2.2 and later versions >Description: The module enc_writ.c in /usr/src/secure/lib/libdes is missing a "static" declaration for a buffer. This causes a buffer to be continually malloc(3)d on each invocation, eventually leading to memory exhaustion (it should only be malloc'd once) since the space is never free(3)d and the intent is to grab heap on start-up and keep it for the duration of the execution of the program. Alternatively, if you're unlucky and the stack area you're pointing to is not initialized to zeros on each call, you get random results which could be far worse and lead to segmentation violations or corrupted data. This code has not been touched in a LONG time; we knew of a problem quite some time ago, but weren't quite sure what was going on until recently when it became important to run down. >How-To-Repeat: Any code which calls des_enc_write() a sufficient number of times will eventually experience this problem. The symptom is that des_enc_write() will eventually return an error (-1) with errno set to 12 (ENOMEM). >Fix: Index: enc_writ.c =================================================================== RCS file: /usr/cvs/src/secure/lib/libdes/enc_writ.c,v retrieving revision 1.1.1.2 diff -r1.1.1.2 enc_writ.c 68c68 < char *outbuf=NULL; --- > static char *outbuf=NULL; >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199710072035.PAA15733>