"Help with EVP_CipherInit"

Olatunji Oluwabukunmi Ruwase tjruwase at stanford.edu
Mon Jul 8 15:41:51 EST 2002


Hello,
 I am working on a bounds checking gcc (based on Richard Jones' work)
with a low enough overhead that will make it acceptable in production code.
 And I obtained openssh-3.2.2p1 with the view of testing the effectiveness
of my code detecting the recently reported vulnerability, but my code fails
with an error report of a use of memcpy with overlapping source and
destination regions. I have been able to narrow it down to a call to
EVP_CipherInit in cipher.c:224 (function cipher_init).
I checked but couldn't find any man page of EVP_CipherInit.
I will appreciate it if you can give me any info on the implementation of
EVP_CipherInit such as to explain this scenario.
Below is some information I hope will be useful.
Thanks

tunji


 Debugging using ddd shows this error comes
up the 4th time this line is executed and the arguments to cipher_init
are

Breakpoint 5, cipher_init (cc=0x814ede0, cipher=0x813fc40, key=0x8189480
"í\2110\231ß%\210Æëd¿\222zv\236ô6QO]", keylen=16, iv=0x8189420
"nfø^'oQo½V¶Á³¯Ì»´\f»W", ivlen=16, encrypt=1) at cipher.c:224


Below is the output I obtained running directly
[tjruwase at speedracer openssh-3.2.2p1]$ ./ssh tjruwase at minnow
Bounds Checking GCC v gcc-3.0-3.0 Copyright (C) 1995 Richard W.M. Jones
Bounds Checking comes with ABSOLUTELY NO WARRANTY. For details see file
`COPYING' that should have come with the source to this program.
Bounds Checking is free software, and you are welcome to redistribute it
under certain conditions. See the file `COPYING' for details.
For more information, set GCC_BOUNDS_OPTS to `-help'
<unknown>:0:Bounds error: in memcpy with 0x814edf8 and 0x814edf0 for 16,
source and destination objects overlap.
<unknown>:0:  Pointer value: 0x814edf8
<unknown>:0:  Object `send_context':
<unknown>:0:    Address in memory:    0x814ede0 .. 0x814fe5f
<unknown>:0:    Size:                 4224 bytes
<unknown>:0:    Element size:         1 bytes
<unknown>:0:    Number of elements:   4224
<unknown>:0:    Created at:           packet.c, line 86
<unknown>:0:    Storage class:        static
Abort (core dumped)
[tjruwase at speedracer openssh-3.2.2p1]$
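
The check behind the report above, as an added example (not part of the original post, and not code from Bounds Checking GCC or OpenSSL): it classifies the reported 16-byte copy between 0x814edf8 and 0x814edf0 inside send_context, then shows a copy that stays defined for overlapping ranges by using memmove. All function and type names are hypothetical; the report does not say which address is the source, and the overlap test does not depend on it.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum copy_status { COPY_OK, COPY_OUT_OF_BOUNDS, COPY_OVERLAP };

/* One tracked object, as in the report's "Object `send_context'" lines. */
struct object { uintptr_t base; size_t size; };

/* True when [p, p+n) lies wholly inside the object (no integer wraparound). */
static int in_object(const struct object *o, uintptr_t p, size_t n)
{
    return p >= o->base && n <= o->size && p - o->base <= o->size - n;
}

/* True when two n-byte ranges share at least one byte. */
static int ranges_overlap(uintptr_t a, uintptr_t b, size_t n)
{
    uintptr_t gap = a < b ? b - a : a - b;
    return n != 0 && gap < n;
}

/* Classify a copy the way the report does: bounds first, then overlap. */
enum copy_status classify_copy(const struct object *o, uintptr_t p1,
                               uintptr_t p2, size_t n)
{
    if (!in_object(o, p1, n) || !in_object(o, p2, n))
        return COPY_OUT_OF_BOUNDS;
    return ranges_overlap(p1, p2, n) ? COPY_OVERLAP : COPY_OK;
}

/* Copy that stays defined for overlapping ranges by using memmove. */
void *overlap_safe_copy(void *dst, const void *src, size_t n)
{
    if (ranges_overlap((uintptr_t)dst, (uintptr_t)src, n))
        return memmove(dst, src, n);
    return memcpy(dst, src, n);
}

/* Constructed buffer reusing the report's offsets 0x10 and 0x18. */
int demo_shifted_copy(void)
{
    unsigned char buf[64], want[16];
    for (size_t i = 0; i < sizeof buf; i++) buf[i] = (unsigned char)i;
    memcpy(want, buf + 0x10, sizeof want);      /* snapshot of the source */
    overlap_safe_copy(buf + 0x18, buf + 0x10, sizeof want);
    return memcmp(buf + 0x18, want, sizeof want) == 0;
}
```

The two addresses are 8 bytes apart, so any copy longer than 8 bytes between them overlaps; memcpy leaves that case undefined in the C standard, while memmove is specified to handle it.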




