Project

General

Profile

Actions

Bug #14377

closed

nsmb: 'find_mech' accessing 32 bytes in a region of size ...

Added by Toomas Soome 7 months ago. Updated 7 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
smb - SMB server and client
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Bite-size
Tags:
Gerrit CR:

Description

Build errors with gcc 11:

    ../../common/fs/smbclnt/netsmb/nsmb_sign_kcf.c: In function 'smb_md5_getmech':
    ../../common/fs/smbclnt/netsmb/nsmb_sign_kcf.c:56:17: error: 'find_mech' accessing 32 bytes in a region of size 8 [-Werror=stringop-overflow=]
       56 |         return (find_mech(mech, SUN_CKM_MD5));
          |                ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ../../common/fs/smbclnt/netsmb/nsmb_sign_kcf.c:56:17: note: referencing argument 2 of type 'char *'
    ../../common/fs/smbclnt/netsmb/nsmb_sign_kcf.c:35:1: note: in a call to function 'find_mech'
       35 | find_mech(smb_sign_mech_t *mech, crypto_mech_name_t name)
          | ^~~~~~~~~
    ../../common/fs/smbclnt/netsmb/nsmb_sign_kcf.c: In function 'smb2_hmac_getmech':
    ../../common/fs/smbclnt/netsmb/nsmb_sign_kcf.c:125:17: error: 'find_mech' accessing 32 bytes in a region of size 16 [-Werror=stringop-overflow=]
      125 |         return (find_mech(mech, SUN_CKM_SHA256_HMAC));
          |                ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ../../common/fs/smbclnt/netsmb/nsmb_sign_kcf.c:125:17: note: referencing argument 2 of type 'char *'
    ../../common/fs/smbclnt/netsmb/nsmb_sign_kcf.c:35:1: note: in a call to function 'find_mech'
       35 | find_mech(smb_sign_mech_t *mech, crypto_mech_name_t name)
          | ^~~~~~~~~
    ../../common/fs/smbclnt/netsmb/nsmb_sign_kcf.c: In function 'smb3_cmac_getmech':
    ../../common/fs/smbclnt/netsmb/nsmb_sign_kcf.c:205:17: error: 'find_mech' accessing 32 bytes in a region of size 13 [-Werror=stringop-overflow=]
      205 |         return (find_mech(mech, SUN_CKM_AES_CMAC));
          |                ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ../../common/fs/smbclnt/netsmb/nsmb_sign_kcf.c:205:17: note: referencing argument 2 of type 'char *'
    ../../common/fs/smbclnt/netsmb/nsmb_sign_kcf.c:35:1: note: in a call to function 'find_mech'
       35 | find_mech(smb_sign_mech_t *mech, crypto_mech_name_t name)
          | ^~~~~~~~~
    cc1: all warnings being treated as errors

The roots are same as in 14353, fixed size char array was used to declare parameter, where we should have const char *.


Related issues

Related to illumos gate - Bug #14353: crypto_mech2id should take unlimited string argumentClosedToomas Soome

Actions
Related to illumos gate - Bug #14376: smbsrv: 'find_mech' accessing 32 bytes in a region of size ...ClosedToomas Soome

Actions
Actions #1

Updated by Toomas Soome 7 months ago

  • Related to Bug #14353: crypto_mech2id should take unlimited string argument added
Actions #2

Updated by Toomas Soome 7 months ago

  • Related to Bug #14376: smbsrv: 'find_mech' accessing 32 bytes in a region of size ... added
Actions #3

Updated by Electric Monk 7 months ago

  • Gerrit CR set to 1922
Actions #4

Updated by Electric Monk 7 months ago

  • Status changed from In Progress to Closed
  • % Done changed from 90 to 100

git commit 6a9d71e52548eedf5ce59148e7e6b8ce5f61a4a0

commit  6a9d71e52548eedf5ce59148e7e6b8ce5f61a4a0
Author: Toomas Soome <tsoome@me.com>
Date:   2022-01-11T17:23:26.000Z

    14377 nsmb: 'find_mech' accessing 32 bytes in a region of size ...
    Reviewed by: Jason King <jason.brian.king@gmail.com>
    Reviewed by: Gordon Ross <Gordon.W.Ross@gmail.com>
    Approved by: Garrett D'Amore <garrett@damore.org>

Actions

Also available in: Atom PDF