On Tue, Apr 25, 2023 at 7:12 PM Dwight Kulkarni <dwi...@realtime-7.com> wrote:
>
> I got it working by implementing the raw Integer method. See my code below; the previous encryption is commented out. I don't know why, but it wasn't working otherwise, and I think it has something to do with memory allocation. Maybe it works with the -static flag because some references are staying in scope as the entire library is loaded into RAM?
>
> I had to implement the PKCS1v15 again but I would like to know what is wrong so I can write the code accordingly.
>
> I have the Integer c.
>
> 1) If I use snippet 1, get the vector and then read it into a string "res" and return it, this works.
>
> 2) If I use snippet 2, aka do the exact same thing in the function, it doesn't work. I am trying to think whether the Vector needs to be declared with new? I am passing back the whole object, not a pointer, so it should not go out of scope? But maybe the resarr2 is not a deep copy, and when it goes out of scope the string data is also destroyed? On the other side, the server complains with Snippet 2 and not with Snippet 1.

If you want someone to look at your programs, you need to provide a
minimal reproducer somewhere it can be cloned like GitHub or GitLab.
I'm not going to try to copy/paste it from the mailing list. I'm also
not going to try to make it compile due to missing functions and
missing main().

Now, onto your memory problems. Use Address Sanitizer or Valgrind to
locate the memory error. I recommend Address Sanitizer (Asan). Asan
produces the best debug and diagnostics. Follow these steps.

# where the Crypto++ sources are
cd cryptopp
make distclean

# make the library
CXXFLAGS="-DNDEBUG -g3 -O1 -fsanitize=address" make -j 5

# test the library. Notice no memory errors
./cryptest.exe vv

# copy your test program. Be sure to name it *.cxx
cp ../../test.cxx .
g++ -o test.exe -DNDEBUG -g3 -O1 -I. -fsanitize=address test.cxx ./libcryptopp.a

# run your program
./test.exe

Attached is my broken test.cxx. I used a vector that was too small:

size_t len = n.MinEncodedSize(Integer::UNSIGNED);
std::vector<byte> v(len-4);
n.Encode((byte*)&v[0], v.size()+4, Integer::UNSIGNED);

Here is the result of my broken test program:

$ g++ -o test.exe -DNDEBUG -g3 -O1 -I. -fsanitize=address test.cxx ./libcryptopp.a
$ ./test.exe
=================================================================
==12167==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000003c at pc 0x7ffb24239e67 bp 0x7ffd10274f30 sp 0x7ffd102746d8
WRITE of size 1 at 0x60200000003c thread T0
    #0 0x7ffb24239e66 in __interceptor_memmove ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:810
    #1 0x55a0a1c8cac2 in memmove /usr/include/x86_64-linux-gnu/bits/string_fortified.h:36
    #2 0x55a0a1c8cac2 in CryptoPP::ArraySink::Put2(unsigned char const*, unsigned long, int, bool) /home/jwalton/cryptopp/filters.cpp:545
    #3 0x55a0a1b1f642 in CryptoPP::BufferedTransformation::Put(unsigned char const*, unsigned long, bool) /home/jwalton/cryptopp/cryptlib.h:1689
    #4 0x55a0a1b1f642 in CryptoPP::BufferedTransformation::Put(unsigned char, bool) /home/jwalton/cryptopp/cryptlib.h:1679
    #5 0x55a0a1b1f642 in CryptoPP::Integer::Encode(CryptoPP::BufferedTransformation&, unsigned long, CryptoPP::Integer::Signedness) const /home/jwalton/cryptopp/integer.cpp:3439
    #6 0x55a0a1b1fa84 in CryptoPP::Integer::Encode(unsigned char*, unsigned long, CryptoPP::Integer::Signedness) const /home/jwalton/cryptopp/integer.cpp:3431
    #7 0x55a0a1af64ac in main /home/jwalton/cryptopp/test.cxx:18
    #8 0x7ffb23a29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #9 0x7ffb23a29e3f in __libc_start_main_impl ../csu/libc-start.c:392
    #10 0x55a0a1af6004 in _start (/home/jwalton/cryptopp/test.exe+0x66004)

0x60200000003c is located 0 bytes to the right of 12-byte region [0x602000000030,0x60200000003c)
allocated by thread T0 here:
    #0 0x7ffb242b61c7 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:99
    #1 0x55a0a1af632c in __gnu_cxx::new_allocator<unsigned char>::allocate(unsigned long, void const*) /usr/include/c++/11/ext/new_allocator.h:127
    #2 0x55a0a1af632c in std::allocator_traits<std::allocator<unsigned char> >::allocate(std::allocator<unsigned char>&, unsigned long) /usr/include/c++/11/bits/alloc_traits.h:464
    #3 0x55a0a1af632c in std::_Vector_base<unsigned char, std::allocator<unsigned char> >::_M_allocate(unsigned long) /usr/include/c++/11/bits/stl_vector.h:346
    #4 0x55a0a1af632c in std::_Vector_base<unsigned char, std::allocator<unsigned char> >::_M_create_storage(unsigned long) /usr/include/c++/11/bits/stl_vector.h:361
    #5 0x55a0a1af632c in std::_Vector_base<unsigned char, std::allocator<unsigned char> >::_Vector_base(unsigned long, std::allocator<unsigned char> const&) /usr/include/c++/11/bits/stl_vector.h:305
    #6 0x55a0a1af632c in std::vector<unsigned char, std::allocator<unsigned char> >::vector(unsigned long, std::allocator<unsigned char> const&) /usr/include/c++/11/bits/stl_vector.h:511
    #7 0x55a0a1af632c in main /home/jwalton/cryptopp/test.cxx:17

SUMMARY: AddressSanitizer: heap-buffer-overflow ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:810 in __interceptor_memmove
Shadow bytes around the buggy address:
0x0c047fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c047fff8000: fa fa 00 fa fa fa 00[04]fa fa fa fa fa fa fa fa
0x0c047fff8010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
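The following is an added C++ example, not code from this thread and not Crypto++ code (it does not need the library to build). It models the shape of Integer::Encode(byte*, size_t, Signedness) with a plain big-endian encoder so the two points in the reply can be seen in isolation: a raw-pointer encoder has to trust the length the caller claims, so a claimed length larger than the allocation (the v.size()+4 in the quoted test.cxx) is exactly the write ASan reports, and the habit that avoids it is to pass a raw encoder nothing but the container's own size and to report a too-small buffer instead of writing past it. It also shows that a vector or string returned by value carries its own copy of the bytes, which is the deep-copy question the quoted message raises. All names (min_encoded_size, encode_raw, encode_vector, encode_to_string, decode_be) are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Bytes needed for the unsigned big-endian encoding of n: the analogue of
// Integer::MinEncodedSize(Integer::UNSIGNED) for a 64-bit value (zero takes one byte).
std::size_t min_encoded_size(std::uint64_t n) {
    std::size_t len = 1;
    while (len < 8 && (n >> (8 * len)) != 0) ++len;  // shift stays below 64 bits
    return len;
}

// Raw-pointer encoder with the same shape as Integer::Encode(byte*, size_t, Signedness):
// it writes exactly out_len bytes (big-endian, zero-padded on the left) and has to
// trust out_len. If the caller claims more bytes than it allocated, as v.size()+4
// does in the quoted test program, the out-of-bounds writes happen in this loop and
// only a tool such as ASan notices them. Returns false when the value cannot fit.
bool encode_raw(std::uint64_t n, std::uint8_t* out, std::size_t out_len) {
    if (out == nullptr || out_len < min_encoded_size(n)) return false;
    for (std::size_t i = 0; i < out_len; ++i) {
        std::size_t shift = out_len - 1 - i;  // byte index counted from the least significant end
        out[i] = shift < 8 ? static_cast<std::uint8_t>(n >> (8 * shift)) : 0;
    }
    return true;
}

// Container-based wrapper: the only length ever handed to the raw encoder is the
// container's own size, so the claimed length and the allocation cannot disagree.
// fixed_len = 0 means "use the minimal encoding"; a fixed_len that is too small is
// reported as an empty result rather than overflowed.
std::vector<std::uint8_t> encode_vector(std::uint64_t n, std::size_t fixed_len = 0) {
    std::size_t len = fixed_len ? fixed_len : min_encoded_size(n);
    std::vector<std::uint8_t> v(len);
    if (!encode_raw(n, v.data(), v.size())) v.clear();  // v.size(), never v.size()+k
    return v;  // returned by value: the caller gets its own copy (or move) of the bytes
}

// Building a std::string from the vector copies the bytes; the string stays valid
// after the vector it was built from has been destroyed, so returning it by value
// from a function is safe. Only a raw pointer such as &v[0] kept past v's lifetime
// would dangle.
std::string encode_to_string(std::uint64_t n) {
    std::vector<std::uint8_t> v = encode_vector(n);
    return std::string(v.begin(), v.end());
}  // v is destroyed here; the returned string owns its own buffer

// Decoder used to round-trip an encoding.
std::uint64_t decode_be(const std::vector<std::uint8_t>& v) {
    std::uint64_t n = 0;
    for (std::uint8_t b : v) n = (n << 8) | b;
    return n;
}
```

Usage: encode_vector(0x0102) yields the two bytes 01 02, encode_vector(0x0102, 4) yields 00 00 01 02, and encode_vector(0x010203, 2) yields an empty vector because three bytes do not fit in two. The design point is that encode_raw is never called with a length that was computed separately from the buffer; if a caller needs a wider encoding, it sizes the container first and the length follows from it.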