With bounds checking patch for gcc-3.1 problems if using AES

Daniel Schröter d.schroeter at gmx.de
Wed Jul 10 05:07:48 EST 2002


Hello developers,


Daniel Schröter wrote:
 > debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
 > debug1: kex_derive_keys
 > debug1: newkeys: mode 1
 > <unknown>:0:Bounds error: in memcpy with 0x1a5a38 and 0x1a5a30 for 16,
 > source and destination objects overlap.
 > <unknown>:0:  Pointer value: 0x1a5a38
 > <unknown>:0:  Object `send_context':
 > <unknown>:0:    Address in memory:    0x1a5a20 .. 0x1a6a9f
 > <unknown>:0:    Size:                 4224 bytes
 > <unknown>:0:    Element size:         1 bytes
 > <unknown>:0:    Number of elements:   4224
 > <unknown>:0:    Created at:           packet.c, line 87
 > <unknown>:0:    Storage class:        static
 > debug1: Calling cleanup 0x82b04(0x0)

Like I said, I'm not the coding expert, but I have some additional 
information and a solution. I compiled OpenSSL with the CFLAG "-g" and 
now I get the file and line number where the problem occurred:

debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: kex_derive_keys
debug1: newkeys: mode 1
evp_enc.c:105:Bounds error: in memcpy with 0x2bfc40 and 0x2bfc38 for 16,
source and destination objects overlap.
evp_enc.c:105:  Pointer value: 0x2bfc40
evp_enc.c:105:  Object `send_context':
evp_enc.c:105:    Address in memory:    0x2bfc28 .. 0x2c0ca7
evp_enc.c:105:    Size:                 4224 bytes
evp_enc.c:105:    Element size:         1 bytes
evp_enc.c:105:    Number of elements:   4224
evp_enc.c:105:    Created at:           packet.c, line 87
evp_enc.c:105:    Storage class:        static
debug1: Calling cleanup 0x91178(0x0)

Line 105 in file openssl-0.9.6d/crypto/evp/evp_enc.c is (maybe) the
problem:

      memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));

So I updated to
ftp://ftp.openssl.org/snapshot/openssl-SNAP-20020707.tar.gz
and it works fine. Also the Beta2 from openssl-0.9.7 works fine.

Sorry for posting to the wrong mailing list, and that the bug is 
already fixed.


Bye



-- 
=========================================================
  PGP keyID: 9EA3FF2C
  $ gpg --keyserver wwwkeys.de.pgp.net --recv-key 9EA3FF2C
=========================================================
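
Added example, not part of the original post and not OpenSSL or OpenSSH code: the overlap test that the bounds checker's report implies, applied to the pointer values and length from the log above, followed by a length-checked copy. The struct layout, `regions_overlap` and `copy_iv_checked` are hypothetical names and assumptions chosen to mirror the 8-byte gap between the two reported pointers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if [dst, dst+n) and [src, src+n) share at least one byte. */
static int regions_overlap(uintptr_t dst, uintptr_t src, size_t n)
{
    if (n == 0)
        return 0;
    return dst < src ? (src - dst) < n : (dst - src) < n;
}

/* Hypothetical context layout (an assumption, not OpenSSL's struct):
 * two adjacent 8-byte IV buffers, matching the 8-byte gap in the report. */
struct demo_ctx {
    unsigned char oiv[8];
    unsigned char iv[8];
    unsigned char tail[8];   /* bytes a 16-byte copy into iv would also write */
};

/* Copy n bytes of IV only if both buffers can hold them.
 * Returns 0 on success, -1 if the request exceeds either buffer. */
static int copy_iv_checked(struct demo_ctx *ctx, size_t n)
{
    if (n > sizeof ctx->iv || n > sizeof ctx->oiv)
        return -1;                    /* would read and write past the fields */
    memcpy(ctx->iv, ctx->oiv, n);     /* fields are disjoint once n <= 8 */
    return 0;
}

int main(void)
{
    /* Pointer values and length taken from the report on this page. */
    printf("report overlaps: %d\n", regions_overlap(0x2bfc40, 0x2bfc38, 16));

    struct demo_ctx ctx = {{1, 2, 3, 4, 5, 6, 7, 8}, {0}, {0}};  /* constructed */
    printf("16-byte copy: %d\n", copy_iv_checked(&ctx, 16));
    printf("8-byte copy:  %d\n", copy_iv_checked(&ctx, 8));
    return 0;
}
```
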





More information about the openssh-unix-dev mailing list