Project

General

Profile

Actions

Bug #14376

closed

smbsrv: 'find_mech' accessing 32 bytes in a region of size ...

Added by Toomas Soome 7 months ago. Updated 7 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
smb - SMB server and client
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:

Description

Build error with gcc 11:

    ../../common/fs/smbsrv/smb3_encrypt_kcf.c: In function 'smb3_aes_ccm_getmech':
    ../../common/fs/smbsrv/smb3_encrypt_kcf.c:56:17: error: 'find_mech' accessing 32 bytes in a region of size 12 [-Werror=stringop-overflow=]
       56 |         return (find_mech(mech, SUN_CKM_AES_CCM));
          |                ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ../../common/fs/smbsrv/smb3_encrypt_kcf.c:56:17: note: referencing argument 2 of type 'char *'
    ../../common/fs/smbsrv/smb3_encrypt_kcf.c:35:1: note: in a call to function 'find_mech'
       35 | find_mech(smb_crypto_mech_t *mech, crypto_mech_name_t name)
          | ^~~~~~~~~
    ../../common/fs/smbsrv/smb3_encrypt_kcf.c: In function 'smb3_aes_gcm_getmech':
    ../../common/fs/smbsrv/smb3_encrypt_kcf.c:62:17: error: 'find_mech' accessing 32 bytes in a region of size 12 [-Werror=stringop-overflow=]
       62 |         return (find_mech(mech, SUN_CKM_AES_GCM));
          |                ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ../../common/fs/smbsrv/smb3_encrypt_kcf.c:62:17: note: referencing argument 2 of type 'char *'
    ../../common/fs/smbsrv/smb3_encrypt_kcf.c:35:1: note: in a call to function 'find_mech'
       35 | find_mech(smb_crypto_mech_t *mech, crypto_mech_name_t name)
          | ^~~~~~~~~
    cc1: all warnings being treated as errors

    ../../common/fs/smbsrv/smb_sign_kcf.c: In function 'smb_md5_getmech':
    ../../common/fs/smbsrv/smb_sign_kcf.c:56:17: error: 'find_mech' accessing 32 bytes in a region of size 8 [-Werror=stringop-overflow=]
       56 |         return (find_mech(mech, SUN_CKM_MD5));
          |                ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ../../common/fs/smbsrv/smb_sign_kcf.c:56:17: note: referencing argument 2 of type 'char *'
    ../../common/fs/smbsrv/smb_sign_kcf.c:35:1: note: in a call to function 'find_mech'
       35 | find_mech(smb_crypto_mech_t *mech, crypto_mech_name_t name)
          | ^~~~~~~~~
    ../../common/fs/smbsrv/smb_sign_kcf.c: In function 'smb2_hmac_getmech':
    ../../common/fs/smbsrv/smb_sign_kcf.c:125:17: error: 'find_mech' accessing 32 bytes in a region of size 16 [-Werror=stringop-overflow=]
      125 |         return (find_mech(mech, SUN_CKM_SHA256_HMAC));
          |                ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ../../common/fs/smbsrv/smb_sign_kcf.c:125:17: note: referencing argument 2 of type 'char *'
    ../../common/fs/smbsrv/smb_sign_kcf.c:35:1: note: in a call to function 'find_mech'
       35 | find_mech(smb_crypto_mech_t *mech, crypto_mech_name_t name)
          | ^~~~~~~~~
    ../../common/fs/smbsrv/smb_sign_kcf.c: In function 'smb3_cmac_getmech':
    ../../common/fs/smbsrv/smb_sign_kcf.c:205:17: error: 'find_mech' accessing 32 bytes in a region of size 13 [-Werror=stringop-overflow=]
      205 |         return (find_mech(mech, SUN_CKM_AES_CMAC));
          |                ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ../../common/fs/smbsrv/smb_sign_kcf.c:205:17: note: referencing argument 2 of type 'char *'
    ../../common/fs/smbsrv/smb_sign_kcf.c:35:1: note: in a call to function 'find_mech'
       35 | find_mech(smb_crypto_mech_t *mech, crypto_mech_name_t name)
          | ^~~~~~~~~
    cc1: all warnings being treated as errors

The roots are same as in 14353, fixed size char array was used to declare parameter, where we should have const char *.


Related issues

Related to illumos gate - Bug #14353: crypto_mech2id should take unlimited string argumentClosedToomas Soome

Actions
Related to illumos gate - Bug #14377: nsmb: 'find_mech' accessing 32 bytes in a region of size ...ClosedToomas Soome

Actions
Actions #1

Updated by Toomas Soome 7 months ago

  • Related to Bug #14353: crypto_mech2id should take unlimited string argument added
Actions #2

Updated by Electric Monk 7 months ago

  • Gerrit CR set to 1921
Actions #3

Updated by Toomas Soome 7 months ago

  • Related to Bug #14377: nsmb: 'find_mech' accessing 32 bytes in a region of size ... added
Actions #4

Updated by Electric Monk 7 months ago

  • Status changed from In Progress to Closed
  • % Done changed from 90 to 100

git commit eba274b9392a53f991f6ca04d624533172d46fd4

commit  eba274b9392a53f991f6ca04d624533172d46fd4
Author: Toomas Soome <tsoome@me.com>
Date:   2022-01-11T17:19:59.000Z

    14376 smbsrv: 'find_mech' accessing 32 bytes in a region of size ...
    Reviewed by: Jason King <jason.brian.king@gmail.com>
    Reviewed by: Gordon Ross <Gordon.W.Ross@gmail.com>
    Approved by: Dan McDonald <danmcd@joyent.com>

Actions

Also available in: Atom PDF