wget-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Wget-dev] wget2 | test-ocsp-server fails on 32bit build (with ASAN) (#4


From: Tim Rühsen
Subject: [Wget-dev] wget2 | test-ocsp-server fails on 32bit build (with ASAN) (#478)
Date: Fri, 20 Sep 2019 14:09:31 +0000


Tim Rühsen created an issue: https://gitlab.com/gnuwget/wget2/issues/478



```
$ cat tests/test-ocsp-server.log 
Removed test directory '../.test_7078'
cmd=/src/wget2/tests/../src/wget2_noinstall -d --no-config --no-local-db 
--max-threads=1 --prefer-family=ipv4 --no-proxy --timeout 10 
--ca-certificate=/src/wget2/tests/certs/ocsp/x509-root-cert.pem --no-ocsp-file 
--no-ocsp-date --no-ocsp-nonce --ocsp --ocsp-server http://localhost:36671 
"https://localhost:38655/index.html"; 2>&1

  Testing '/src/wget2/tests/../src/wget2_noinstall -d --no-config --no-local-db 
--max-threads=1 --prefer-family=ipv4 --no-proxy --timeout 10 
--ca-certificate=/src/wget2/tests/certs/ocsp/x509-root-cert.pem --no-ocsp-file 
--no-ocsp-date --no-ocsp-nonce --ocsp --ocsp-server http://localhost:36671 
"https://localhost:38655/index.html"; 2>&1'
=================================================================
==7078==ERROR: AddressSanitizer: stack-buffer-overflow on address 0xf44fe1e4 at 
pc 0x0813ba3f bp 0xf44fe148 sp 0xf44fe140
WRITE of size 4 at 0xf44fe1e4 thread T2 (MHD-single)
    #0 0x813ba3e in _ocsp_cert_callback /src/wget2/tests/libtest.c:311:13
    #1 0x8279dd5 in call_legacy_cert_cb2 /src/gnutls/lib/cert-cred.c:731:8
    #2 0x841be19 in call_get_cert_callback /src/gnutls/lib/auth/cert.c:443:7
    #3 0x8423584 in _gnutls_select_server_cert 
/src/gnutls/lib/auth/cert.c:1541:10
    #4 0x842f9b0 in _gnutls_figure_common_ciphersuite 
/src/gnutls/lib/algorithms/ciphersuites.c:1515:13
    #5 0x8217026 in _gnutls_server_select_suite 
/src/gnutls/lib/handshake.c:1088:8
    #6 0x821a291 in read_client_hello /src/gnutls/lib/handshake.c:803:8
    #7 0x8215fea in _gnutls_recv_handshake /src/gnutls/lib/handshake.c:1569:10
    #8 0x82245cc in handshake_server /src/gnutls/lib/handshake.c:3337:7
    #9 0x821e932 in gnutls_handshake /src/gnutls/lib/handshake.c:2727:9
    #10 0x81e150b in MHD_run_tls_handshake_ 
/src/libmicrohttpd-0.9.66/src/microhttpd/connection_https.c:155:13
    #11 0x81997b9 in MHD_connection_handle_read 
/src/libmicrohttpd-0.9.66/src/microhttpd/connection.c:3185:16
    #12 0x81c5066 in call_handlers 
/src/libmicrohttpd-0.9.66/src/microhttpd/daemon.c:1205:11
    #13 0x81b7110 in internal_run_from_select 
/src/libmicrohttpd-0.9.66/src/microhttpd/daemon.c:3515:11
    #14 0x81b815e in MHD_select 
/src/libmicrohttpd-0.9.66/src/microhttpd/daemon.c:3779:18
    #15 0x81c0073 in MHD_polling_thread 
/src/libmicrohttpd-0.9.66/src/microhttpd/daemon.c:4698:2
    #16 0x81d60b4 in named_thread_starter 
/src/libmicrohttpd-0.9.66/src/microhttpd/mhd_threads.c:275:10
    #17 0x810a9d2 in __asan::AsanThread::ThreadStart(unsigned long long, 
__sanitizer::atomic_uintptr_t*) 
/src/llvm/projects/compiler-rt/lib/asan/asan_thread.cpp:262:25
    #18 0x80e95b7 in asan_thread_start(void*) 
/src/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cpp:200:13
    #19 0xf7ef0269 in start_thread 
/build/glibc-LK5gWL/glibc-2.23/nptl/pthread_create.c:333
    #20 0xf7d9a41d in clone (/lib32/libc.so.6+0xe541d)

Address 0xf44fe1e4 is located in stack of thread T2 (MHD-single) at offset 36 
in frame
    #0 0x841bb1f in call_get_cert_callback /src/gnutls/lib/auth/cert.c:409

  This frame has 7 object(s):
    [16, 20) 'local_key' (line 410)
    [32, 36) 'pcert' (line 414) <== Memory access at offset 36 overflows this 
variable
    [48, 52) 'ocsp' (line 415)
    [64, 68) 'ocsp_length' (line 416)
    [80, 84) 'pcert_length' (line 417)
    [96, 184) 'info' (line 431)
    [224, 228) 'flags' (line 432)
HINT: this may be a false positive if your program uses some custom stack 
unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
Thread T2 (MHD-single) created by T0 here:
    #0 0x80e94ac in pthread_create 
/src/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cpp:209:3
    #1 0x81d5da6 in MHD_create_thread_ 
/src/libmicrohttpd-0.9.66/src/microhttpd/mhd_threads.c:203:11
    #2 0x81d5f66 in MHD_create_named_thread_ 
/src/libmicrohttpd-0.9.66/src/microhttpd/mhd_threads.c:350:9
    #3 0x81bb2df in MHD_start_daemon_va 
/src/libmicrohttpd-0.9.66/src/microhttpd/daemon.c:6338:17
    #4 0x81b85e7 in MHD_start_daemon 
/src/libmicrohttpd-0.9.66/src/microhttpd/daemon.c:4771:12
    #5 0x813424f in _http_server_start /src/wget2/tests/libtest.c:779:18
    #6 0x8133d23 in wget_test_start_server /src/wget2/tests/libtest.c:1298:13
    #7 0x81315ed in main /src/wget2/tests/test-ocsp-server.c:36:2
    #8 0xf7ccd636 in __libc_start_main (/lib32/libc.so.6+0x18636)

SUMMARY: AddressSanitizer: stack-buffer-overflow 
/src/wget2/tests/libtest.c:311:13 in _ocsp_cert_callback
Shadow bytes around the buggy address:
  0x3e89fbe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x3e89fbf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x3e89fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x3e89fc10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x3e89fc20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x3e89fc30: 00 00 00 00 00 00 00 00 f1 f1 04 f2[04]f2 04 f2
  0x3e89fc40: 04 f2 04 f2 00 00 00 00 00 00 00 00 00 00 00 f2
  0x3e89fc50: f2 f2 f2 f2 04 f3 00 00 00 00 00 00 00 00 00 00
  0x3e89fc60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x3e89fc70: f1 f1 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x3e89fc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==7078==ABORTING
FAIL test-ocsp-server (exit status: 1)
```

-- 
Reply to this email directly or view it on GitLab: 
https://gitlab.com/gnuwget/wget2/issues/478
You're receiving this email because of your account on gitlab.com.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]