Actions
Bug #14353
closed
crypto_mech2id should take unlimited string argument
Start date:
Due date:
% Done:
100%
Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:
Description
Build errors with gcc 11:
../../common/io/cryptmod.c: In function 'cryptmodopen':
../../common/io/cryptmod.c:295:26: error: 'crypto_mech2id' accessing 32 bytes in a region of size 15 [-Werror=stringop-overflow=]
295 | sha1_hmac_mech = crypto_mech2id(SUN_CKM_SHA1_HMAC);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../common/io/cryptmod.c:295:26: note: referencing argument 1 of type 'char *'
In file included from ../../common/sys/cryptmod.h:40,
from ../../common/io/cryptmod.c:60:
../../common/sys/crypto/api.h:59:27: note: in a call to function 'crypto_mech2id'
59 | extern crypto_mech_type_t crypto_mech2id(crypto_mech_name_t name);
| ^~~~~~~~~~~~~~
../../common/io/cryptmod.c:296:25: error: 'crypto_mech2id' accessing 32 bytes in a region of size 13 [-Werror=stringop-overflow=]
296 | md5_hmac_mech = crypto_mech2id(SUN_CKM_MD5_HMAC);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../common/io/cryptmod.c:296:25: note: referencing argument 1 of type 'char *'
In file included from ../../common/sys/cryptmod.h:40,
from ../../common/io/cryptmod.c:60:
../../common/sys/crypto/api.h:59:27: note: in a call to function 'crypto_mech2id'
59 | extern crypto_mech_type_t crypto_mech2id(crypto_mech_name_t name);
| ^~~~~~~~~~~~~~
../../common/io/cryptmod.c:297:26: error: 'crypto_mech2id' accessing 32 bytes in a region of size 10 [-Werror=stringop-overflow=]
297 | sha1_hash_mech = crypto_mech2id(SUN_CKM_SHA1);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../common/io/cryptmod.c:297:26: note: referencing argument 1 of type 'char *'
In file included from ../../common/sys/cryptmod.h:40,
from ../../common/io/cryptmod.c:60:
../../common/sys/crypto/api.h:59:27: note: in a call to function 'crypto_mech2id'
59 | extern crypto_mech_type_t crypto_mech2id(crypto_mech_name_t name);
| ^~~~~~~~~~~~~~
../../common/io/cryptmod.c:298:25: error: 'crypto_mech2id' accessing 32 bytes in a region of size 8 [-Werror=stringop-overflow=]
298 | md5_hash_mech = crypto_mech2id(SUN_CKM_MD5);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
../../common/io/cryptmod.c:298:25: note: referencing argument 1 of type 'char *'
In file included from ../../common/sys/cryptmod.h:40,
from ../../common/io/cryptmod.c:60:
../../common/sys/crypto/api.h:59:27: note: in a call to function 'crypto_mech2id'
59 | extern crypto_mech_type_t crypto_mech2id(crypto_mech_name_t name);
| ^~~~~~~~~~~~~~
../../common/io/cryptmod.c: In function 'setup_crypto':
../../common/io/cryptmod.c:2702:41: error: 'crypto_mech2id' accessing 32 bytes in a region of size 12 [-Werror=stringop-overflow=]
2702 | cd->mech_type = crypto_mech2id(SUN_CKM_DES_CBC);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../common/io/cryptmod.c:2702:41: note: referencing argument 1 of type 'char *'
In file included from ../../common/sys/cryptmod.h:40,
from ../../common/io/cryptmod.c:60:
../../common/sys/crypto/api.h:59:27: note: in a call to function 'crypto_mech2id'
59 | extern crypto_mech_type_t crypto_mech2id(crypto_mech_name_t name);
| ^~~~~~~~~~~~~~
../../common/io/cryptmod.c:2696:41: error: 'crypto_mech2id' accessing 32 bytes in a region of size 12 [-Werror=stringop-overflow=]
2696 | cd->mech_type = crypto_mech2id(SUN_CKM_DES_ECB);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../common/io/cryptmod.c:2696:41: note: referencing argument 1 of type 'char *'
In file included from ../../common/sys/cryptmod.h:40,
from ../../common/io/cryptmod.c:60:
../../common/sys/crypto/api.h:59:27: note: in a call to function 'crypto_mech2id'
59 | extern crypto_mech_type_t crypto_mech2id(crypto_mech_name_t name);
| ^~~~~~~~~~~~~~
../../common/io/cryptmod.c:2706:41: error: 'crypto_mech2id' accessing 32 bytes in a region of size 13 [-Werror=stringop-overflow=]
2706 | cd->mech_type = crypto_mech2id(SUN_CKM_DES3_CBC);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../common/io/cryptmod.c:2706:41: note: referencing argument 1 of type 'char *'
In file included from ../../common/sys/cryptmod.h:40,
from ../../common/io/cryptmod.c:60:
../../common/sys/crypto/api.h:59:27: note: in a call to function 'crypto_mech2id'
59 | extern crypto_mech_type_t crypto_mech2id(crypto_mech_name_t name);
| ^~~~~~~~~~~~~~
../../common/io/cryptmod.c:2714:41: error: 'crypto_mech2id' accessing 32 bytes in a region of size 8 [-Werror=stringop-overflow=]
2714 | cd->mech_type = crypto_mech2id(SUN_CKM_RC4);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
../../common/io/cryptmod.c:2714:41: note: referencing argument 1 of type 'char *'
In file included from ../../common/sys/cryptmod.h:40,
from ../../common/io/cryptmod.c:60:
../../common/sys/crypto/api.h:59:27: note: in a call to function 'crypto_mech2id'
59 | extern crypto_mech_type_t crypto_mech2id(crypto_mech_name_t name);
| ^~~~~~~~~~~~~~
../../common/io/cryptmod.c:2719:41: error: 'crypto_mech2id' accessing 32 bytes in a region of size 12 [-Werror=stringop-overflow=]
2719 | cd->mech_type = crypto_mech2id(SUN_CKM_AES_ECB);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../common/io/cryptmod.c:2719:41: note: referencing argument 1 of type 'char *'
In file included from ../../common/sys/cryptmod.h:40,
from ../../common/io/cryptmod.c:60:
../../common/sys/crypto/api.h:59:27: note: in a call to function 'crypto_mech2id'
59 | extern crypto_mech_type_t crypto_mech2id(crypto_mech_name_t name);
| ^~~~~~~~~~~~~~
cc1: all warnings being treated as errors
There is a lot of noise, but the core of the problem is simple -- the crypto_mech2id() is declared to take argument char [32] but we do pass char arrays with different sizes. To fix, we should either change the function declaration, or use fixed size string.
Suggested by Jason, picking the path to change the argument to const char * - this would have the least impact because there are about 10 or so drivers affected by this issue.
Related issues
Updated by Toomas Soome 8 months ago
- Subject changed from cryptmod: accessing 32 bytes in a region of size ... to crypto_mech2id should take unlimited string argument
- Description updated (diff)
Updated by Electric Monk 7 months ago
- Status changed from In Progress to Closed
- % Done changed from 90 to 100
git commit 74bc43b0515c1d5245354261e501b8923daba127
commit 74bc43b0515c1d5245354261e501b8923daba127
Author: Toomas Soome <tsoome@me.com>
Date: 2022-01-06T16:21:45.000Z
14353 crypto_mech2id should take unlimited string argument
Reviewed by: Jason King <jason.brian.king@gmail.com>
Approved by: Dan McDonald <danmcd@joyent.com>
Updated by Toomas Soome 7 months ago
- Related to Bug #14376: smbsrv: 'find_mech' accessing 32 bytes in a region of size ... added
Updated by Toomas Soome 7 months ago
- Related to Bug #14377: nsmb: 'find_mech' accessing 32 bytes in a region of size ... added
Actions