OSS-Fuzz #31514: ECDSA signing branches on uninitialized memory
guidovranken opened this issue · 3 comments
guidovranken commented
Reproducer:
#include <stdlib.h>
#include <string.h>
#include <symcrypt.h>
#include <symcrypt_low_level.h>
#define CF_CHECK_EQ(expr, res) if ( (expr) != (res) ) { goto end; }
#define CF_CHECK_NE(expr, res) if ( (expr) == (res) ) { goto end; }
void SymCryptFatal(UINT32 fatalCode) {
(void)fatalCode;
abort();
}
void SymCryptInjectError( PBYTE pbData, SIZE_T cbData ) {
(void)pbData;
(void)cbData;
}
PVOID SymCryptCallbackAlloc( SIZE_T nBytes ) {
return malloc(nBytes);
}
VOID SymCryptCallbackFree( VOID * pMem ) {
free(pMem);
}
SYMCRYPT_ERROR SymCryptCallbackRandom(PBYTE pbBuffer, SIZE_T cbBuffer ) {
memset(pbBuffer, 0xAA, cbBuffer);
return SYMCRYPT_NO_ERROR;
}
SYMCRYPT_CPU_FEATURES
SymCryptCpuFeaturesNeverPresent(void) {
return 0;
}
int main(void)
{
const unsigned char priv_bytes[] = {0xD3, 0x03, 0x3A, 0xD6, 0xF6, 0x04, 0x6D, 0x78, 0x44, 0x23, 0x42, 0x5C, 0xCA, 0x9A, 0xEE, 0x1A, 0x07, 0x69, 0x93, 0x58, 0xE3, 0x8E, 0x38, 0xE3, 0x8E, 0x38, 0xE3, 0x8E};
const unsigned char nonce_bytes[] = {0x31, 0xCB, 0x27, 0xF1, 0xD1, 0x42, 0x28, 0xEE, 0x5F, 0x42, 0xD1, 0xA8, 0x9A, 0xBD, 0x42, 0x4F, 0x65, 0xD1, 0xA1, 0x79, 0x02, 0xBC, 0x39, 0x58, 0xE3, 0x8E, 0x38, 0xE3, 0x8E, 0x38, 0xE3, 0x91};
const unsigned char hash_bytes[] = {0x20, 0x20, 0x20, 0xff, 0xff, 0xff, 0x20, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0xff, 0xff, 0xff, 0x20, 0x20, 0xff, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20};
SYMCRYPT_ECURVE* curve = SymCryptEcurveAllocate(SymCryptEcurveParamsNistP224, 0);
SYMCRYPT_ECKEY* key = NULL;
SYMCRYPT_INT* nonce = NULL;
CF_CHECK_NE(key = SymCryptEckeyAllocate(curve), NULL);
CF_CHECK_NE(nonce = SymCryptIntAllocate(SymCryptEcurveDigitsofScalarMultiplier(curve)), NULL);
CF_CHECK_EQ(SymCryptIntSetValue(nonce_bytes, sizeof(nonce_bytes), SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, nonce), SYMCRYPT_NO_ERROR);
CF_CHECK_EQ(SymCryptEckeySetValue(
priv_bytes, sizeof(priv_bytes),
NULL, 0,
SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, SYMCRYPT_ECPOINT_FORMAT_XY,
0, key), SYMCRYPT_NO_ERROR);
{
const size_t sigHalfSize = SymCryptEcurveSizeofScalarMultiplier(curve);
const size_t sigSize = sigHalfSize * 2;
unsigned char* sig_bytes = malloc(sigSize);
CF_CHECK_EQ(SymCryptEcDsaSignEx(
key,
hash_bytes,
sizeof(hash_bytes),
nonce,
SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
0,
sig_bytes,
sigSize), SYMCRYPT_NO_ERROR);
}
end:
return 0;
}Stack trace copy/paste from https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31514:
==9311==WARNING: MemorySanitizer: use-of-uninitialized-value
--
| #0 0x107160f in SymCryptFdefModInvGeneric SymCrypt/lib/fdef_mod.c:996:9
| #1 0x1072897 in SymCryptFdefModInvMontgomery SymCrypt/lib/fdef_mod.c:1375:15
| #2 0x103f66b in SymCryptModInv SymCrypt/lib/a_dispatch.c:940:12
| #3 0x105764a in SymCryptEcpointTransform SymCrypt/lib/ecpoint.c:420:23
| #4 0x105a019 in SymCryptEcpointGetValue SymCrypt/lib/ecpoint.c:723:15
| #5 0x104edea in SymCryptEcDsaSignEx SymCrypt/lib/ec_dsa.c:299:19
| #6 0x1034a90 in cryptofuzz::module::SymCrypt::OpECDSA_Sign(cryptofuzz::operation::ECDSA_Sign&) cryptofuzz/modules/symcrypt/module.cpp:1256:9
| #7 0x64e8af in cryptofuzz::ExecutorBase<cryptofuzz::component::ECDSA_Signature, cryptofuzz::operation::ECDSA_Sign>::callModule(std::__1::shared_ptr<cryptofuzz::Module>, cryptofuzz::operation::ECDSA_Sign&) const cryptofuzz/executor.cpp:799:20
| #8 0x64bf80 in cryptofuzz::ExecutorBase<cryptofuzz::component::ECDSA_Signature, cryptofuzz::operation::ECDSA_Sign>::Run(fuzzing::datasource::Datasource&, unsigned char const*, unsigned long) const cryptofuzz/executor.cpp:1486:47
| #9 0x58a172 in cryptofuzz::Driver::Run(unsigned char const*, unsigned long) const cryptofuzz/driver.cpp:136:36
| #10 0x7f809d in LLVMFuzzerTestOneInput cryptofuzz/entry.cpp:388:13
| #11 0x4bbe41 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
| #12 0x4a5b02 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
| #13 0x4abe56 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
| #14 0x4d5e42 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
| #15 0x7f4b1349e83f in __libc_start_main /build/glibc-e6zv40/glibc-2.23/csu/libc-start.c:291
| #16 0x4804c8 in _start
|
| Uninitialized value was stored to memory at
| #0 0x105f0b0 in SymCryptFdefMaskedCopyC SymCrypt/lib/fdef_general.c:66:19
| #1 0x105f191 in SymCryptFdefMaskedCopy SymCrypt/lib/fdef_general.c:83:5
| #2 0x1056827 in SymCryptEcpointMaskedCopy SymCrypt/lib/ecpoint.c:181:5
| #3 0x10c8b82 in SymCryptEcpointScalarMulFixedWindow SymCrypt/lib/ec_mul.c:252:9
| #4 0x10c4c27 in SymCryptEcpointScalarMul SymCrypt/lib/ec_dispatch.c:231:12
| #5 0x104e999 in SymCryptEcDsaSignEx SymCrypt/lib/ec_dsa.c:280:13
| #6 0x1034a90 in cryptofuzz::module::SymCrypt::OpECDSA_Sign(cryptofuzz::operation::ECDSA_Sign&) cryptofuzz/modules/symcrypt/module.cpp:1256:9
| #7 0x64e8af in cryptofuzz::ExecutorBase<cryptofuzz::component::ECDSA_Signature, cryptofuzz::operation::ECDSA_Sign>::callModule(std::__1::shared_ptr<cryptofuzz::Module>, cryptofuzz::operation::ECDSA_Sign&) const cryptofuzz/executor.cpp:799:20
| #8 0x64bf80 in cryptofuzz::ExecutorBase<cryptofuzz::component::ECDSA_Signature, cryptofuzz::operation::ECDSA_Sign>::Run(fuzzing::datasource::Datasource&, unsigned char const*, unsigned long) const cryptofuzz/executor.cpp:1486:47
| #9 0x58a172 in cryptofuzz::Driver::Run(unsigned char const*, unsigned long) const cryptofuzz/driver.cpp:136:36
| #10 0x7f809d in LLVMFuzzerTestOneInput cryptofuzz/entry.cpp:388:13
| #11 0x4bbe41 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
| #12 0x4a5b02 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
| #13 0x4abe56 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
| #14 0x4d5e42 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
| #15 0x7f4b1349e83f in __libc_start_main /build/glibc-e6zv40/glibc-2.23/csu/libc-start.c:291
|
| Uninitialized value was stored to memory at
| #0 0x105f0b0 in SymCryptFdefMaskedCopyC SymCrypt/lib/fdef_general.c:66:19
| #1 0x105f191 in SymCryptFdefMaskedCopy SymCrypt/lib/fdef_general.c:83:5
| #2 0x1056827 in SymCryptEcpointMaskedCopy SymCrypt/lib/ecpoint.c:181:5
| #3 0x10c8b82 in SymCryptEcpointScalarMulFixedWindow SymCrypt/lib/ec_mul.c:252:9
| #4 0x10c4c27 in SymCryptEcpointScalarMul SymCrypt/lib/ec_dispatch.c:231:12
| #5 0x104e999 in SymCryptEcDsaSignEx SymCrypt/lib/ec_dsa.c:280:13
| #6 0x1034a90 in cryptofuzz::module::SymCrypt::OpECDSA_Sign(cryptofuzz::operation::ECDSA_Sign&) cryptofuzz/modules/symcrypt/module.cpp:1256:9
| #7 0x64e8af in cryptofuzz::ExecutorBase<cryptofuzz::component::ECDSA_Signature, cryptofuzz::operation::ECDSA_Sign>::callModule(std::__1::shared_ptr<cryptofuzz::Module>, cryptofuzz::operation::ECDSA_Sign&) const cryptofuzz/executor.cpp:799:20
| #8 0x64bf80 in cryptofuzz::ExecutorBase<cryptofuzz::component::ECDSA_Signature, cryptofuzz::operation::ECDSA_Sign>::Run(fuzzing::datasource::Datasource&, unsigned char const*, unsigned long) const cryptofuzz/executor.cpp:1486:47
| #9 0x58a172 in cryptofuzz::Driver::Run(unsigned char const*, unsigned long) const cryptofuzz/driver.cpp:136:36
| #10 0x7f809d in LLVMFuzzerTestOneInput cryptofuzz/entry.cpp:388:13
| #11 0x4bbe41 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
| #12 0x4a5b02 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
| #13 0x4abe56 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
| #14 0x4d5e42 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
| #15 0x7f4b1349e83f in __libc_start_main /build/glibc-e6zv40/glibc-2.23/csu/libc-start.c:291
|
| Uninitialized value was stored to memory at
| #0 0x105f0b0 in SymCryptFdefMaskedCopyC SymCrypt/lib/fdef_general.c:66:19
| #1 0x105f191 in SymCryptFdefMaskedCopy SymCrypt/lib/fdef_general.c:83:5
| #2 0x1056827 in SymCryptEcpointMaskedCopy SymCrypt/lib/ecpoint.c:181:5
| #3 0x10c8b82 in SymCryptEcpointScalarMulFixedWindow SymCrypt/lib/ec_mul.c:252:9
| #4 0x10c4c27 in SymCryptEcpointScalarMul SymCrypt/lib/ec_dispatch.c:231:12
| #5 0x104e999 in SymCryptEcDsaSignEx SymCrypt/lib/ec_dsa.c:280:13
| #6 0x1034a90 in cryptofuzz::module::SymCrypt::OpECDSA_Sign(cryptofuzz::operation::ECDSA_Sign&) cryptofuzz/modules/symcrypt/module.cpp:1256:9
| #7 0x64e8af in cryptofuzz::ExecutorBase<cryptofuzz::component::ECDSA_Signature, cryptofuzz::operation::ECDSA_Sign>::callModule(std::__1::shared_ptr<cryptofuzz::Module>, cryptofuzz::operation::ECDSA_Sign&) const cryptofuzz/executor.cpp:799:20
| #8 0x64bf80 in cryptofuzz::ExecutorBase<cryptofuzz::component::ECDSA_Signature, cryptofuzz::operation::ECDSA_Sign>::Run(fuzzing::datasource::Datasource&, unsigned char const*, unsigned long) const cryptofuzz/executor.cpp:1486:47
| #9 0x58a172 in cryptofuzz::Driver::Run(unsigned char const*, unsigned long) const cryptofuzz/driver.cpp:136:36
| #10 0x7f809d in LLVMFuzzerTestOneInput cryptofuzz/entry.cpp:388:13
| #11 0x4bbe41 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
| #12 0x4a5b02 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
| #13 0x4abe56 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
| #14 0x4d5e42 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
| #15 0x7f4b1349e83f in __libc_start_main /build/glibc-e6zv40/glibc-2.23/csu/libc-start.c:291
|
| Uninitialized value was stored to memory at
| #0 0x105f0b0 in SymCryptFdefMaskedCopyC SymCrypt/lib/fdef_general.c:66:19
| #1 0x105f191 in SymCryptFdefMaskedCopy SymCrypt/lib/fdef_general.c:83:5
| #2 0x1056827 in SymCryptEcpointMaskedCopy SymCrypt/lib/ecpoint.c:181:5
| #3 0x10c8b82 in SymCryptEcpointScalarMulFixedWindow SymCrypt/lib/ec_mul.c:252:9
| #4 0x10c4c27 in SymCryptEcpointScalarMul SymCrypt/lib/ec_dispatch.c:231:12
| #5 0x104e999 in SymCryptEcDsaSignEx SymCrypt/lib/ec_dsa.c:280:13
| #6 0x1034a90 in cryptofuzz::module::SymCrypt::OpECDSA_Sign(cryptofuzz::operation::ECDSA_Sign&) cryptofuzz/modules/symcrypt/module.cpp:1256:9
| #7 0x64e8af in cryptofuzz::ExecutorBase<cryptofuzz::component::ECDSA_Signature, cryptofuzz::operation::ECDSA_Sign>::callModule(std::__1::shared_ptr<cryptofuzz::Module>, cryptofuzz::operation::ECDSA_Sign&) const cryptofuzz/executor.cpp:799:20
| #8 0x64bf80 in cryptofuzz::ExecutorBase<cryptofuzz::component::ECDSA_Signature, cryptofuzz::operation::ECDSA_Sign>::Run(fuzzing::datasource::Datasource&, unsigned char const*, unsigned long) const cryptofuzz/executor.cpp:1486:47
| #9 0x58a172 in cryptofuzz::Driver::Run(unsigned char const*, unsigned long) const cryptofuzz/driver.cpp:136:36
| #10 0x7f809d in LLVMFuzzerTestOneInput cryptofuzz/entry.cpp:388:13
| #11 0x4bbe41 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
| #12 0x4a5b02 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
| #13 0x4abe56 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
| #14 0x4d5e42 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
| #15 0x7f4b1349e83f in __libc_start_main /build/glibc-e6zv40/glibc-2.23/csu/libc-start.c:291
|
| Uninitialized value was stored to memory at
| #0 0x105f0b0 in SymCryptFdefMaskedCopyC SymCrypt/lib/fdef_general.c:66:19
| #1 0x105f191 in SymCryptFdefMaskedCopy SymCrypt/lib/fdef_general.c:83:5
| #2 0x1056827 in SymCryptEcpointMaskedCopy SymCrypt/lib/ecpoint.c:181:5
| #3 0x10c8b82 in SymCryptEcpointScalarMulFixedWindow SymCrypt/lib/ec_mul.c:252:9
| #4 0x10c4c27 in SymCryptEcpointScalarMul SymCrypt/lib/ec_dispatch.c:231:12
| #5 0x104e999 in SymCryptEcDsaSignEx SymCrypt/lib/ec_dsa.c:280:13
| #6 0x1034a90 in cryptofuzz::module::SymCrypt::OpECDSA_Sign(cryptofuzz::operation::ECDSA_Sign&) cryptofuzz/modules/symcrypt/module.cpp:1256:9
| #7 0x64e8af in cryptofuzz::ExecutorBase<cryptofuzz::component::ECDSA_Signature, cryptofuzz::operation::ECDSA_Sign>::callModule(std::__1::shared_ptr<cryptofuzz::Module>, cryptofuzz::operation::ECDSA_Sign&) const cryptofuzz/executor.cpp:799:20
| #8 0x64bf80 in cryptofuzz::ExecutorBase<cryptofuzz::component::ECDSA_Signature, cryptofuzz::operation::ECDSA_Sign>::Run(fuzzing::datasource::Datasource&, unsigned char const*, unsigned long) const cryptofuzz/executor.cpp:1486:47
| #9 0x58a172 in cryptofuzz::Driver::Run(unsigned char const*, unsigned long) const cryptofuzz/driver.cpp:136:36
| #10 0x7f809d in LLVMFuzzerTestOneInput cryptofuzz/entry.cpp:388:13
| #11 0x4bbe41 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
| #12 0x4a5b02 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
| #13 0x4abe56 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
| #14 0x4d5e42 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
| #15 0x7f4b1349e83f in __libc_start_main /build/glibc-e6zv40/glibc-2.23/csu/libc-start.c:291
|
| Uninitialized value was stored to memory at
| #0 0x105f0b0 in SymCryptFdefMaskedCopyC SymCrypt/lib/fdef_general.c:66:19
| #1 0x105f191 in SymCryptFdefMaskedCopy SymCrypt/lib/fdef_general.c:83:5
| #2 0x1056827 in SymCryptEcpointMaskedCopy SymCrypt/lib/ecpoint.c:181:5
| #3 0x10c8b82 in SymCryptEcpointScalarMulFixedWindow SymCrypt/lib/ec_mul.c:252:9
| #4 0x10c4c27 in SymCryptEcpointScalarMul SymCrypt/lib/ec_dispatch.c:231:12
| #5 0x104e999 in SymCryptEcDsaSignEx SymCrypt/lib/ec_dsa.c:280:13
| #6 0x1034a90 in cryptofuzz::module::SymCrypt::OpECDSA_Sign(cryptofuzz::operation::ECDSA_Sign&) cryptofuzz/modules/symcrypt/module.cpp:1256:9
| #7 0x64e8af in cryptofuzz::ExecutorBase<cryptofuzz::component::ECDSA_Signature, cryptofuzz::operation::ECDSA_Sign>::callModule(std::__1::shared_ptr<cryptofuzz::Module>, cryptofuzz::operation::ECDSA_Sign&) const cryptofuzz/executor.cpp:799:20
| #8 0x64bf80 in cryptofuzz::ExecutorBase<cryptofuzz::component::ECDSA_Signature, cryptofuzz::operation::ECDSA_Sign>::Run(fuzzing::datasource::Datasource&, unsigned char const*, unsigned long) const cryptofuzz/executor.cpp:1486:47
| #9 0x58a172 in cryptofuzz::Driver::Run(unsigned char const*, unsigned long) const cryptofuzz/driver.cpp:136:36
| #10 0x7f809d in LLVMFuzzerTestOneInput cryptofuzz/entry.cpp:388:13
| #11 0x4bbe41 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
| #12 0x4a5b02 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
| #13 0x4abe56 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
| #14 0x4d5e42 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
| #15 0x7f4b1349e83f in __libc_start_main /build/glibc-e6zv40/glibc-2.23/csu/libc-start.c:291
|
| Uninitialized value was created by a heap allocation
| #0 0x5371bd in malloc /src/llvm-project/compiler-rt/lib/msan/msan_interceptors.cpp:901:3
| #1 0x1022ccf in SymCryptCallbackAlloc cryptofuzz/modules/symcrypt/module.cpp:25:16
| #2 0x104e0f8 in SymCryptEcDsaSignEx SymCrypt/lib/ec_dsa.c:220:17
| #3 0x1034a90 in cryptofuzz::module::SymCrypt::OpECDSA_Sign(cryptofuzz::operation::ECDSA_Sign&) cryptofuzz/modules/symcrypt/module.cpp:1256:9
| #4 0x64e8af in cryptofuzz::ExecutorBase<cryptofuzz::component::ECDSA_Signature, cryptofuzz::operation::ECDSA_Sign>::callModule(std::__1::shared_ptr<cryptofuzz::Module>, cryptofuzz::operation::ECDSA_Sign&) const cryptofuzz/executor.cpp:799:20
| #5 0x64bf80 in cryptofuzz::ExecutorBase<cryptofuzz::component::ECDSA_Signature, cryptofuzz::operation::ECDSA_Sign>::Run(fuzzing::datasource::Datasource&, unsigned char const*, unsigned long) const cryptofuzz/executor.cpp:1486:47
| #6 0x58a172 in cryptofuzz::Driver::Run(unsigned char const*, unsigned long) const cryptofuzz/driver.cpp:136:36
| #7 0x7f809d in LLVMFuzzerTestOneInput cryptofuzz/entry.cpp:388:13
| #8 0x4bbe41 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
| #9 0x4a5b02 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
| #10 0x4abe56 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
| #11 0x4d5e42 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
| #12 0x7f4b1349e83f in __libc_start_main /build/glibc-e6zv40/glibc-2.23/csu/libc-start.c:291
|
| SUMMARY: MemorySanitizer: use-of-uninitialized-value (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_cryptofuzz_94ef8836220c0eccbf1cd983651c4b1f64b4d368/revisions/cryptofuzz-boringssl-noasm+0x107160f)
|
mlindgren commented
@samuel-lee-msft I believe you reviewed this bug as well?
samuel-lee-msft commented
Yes I have taken a look, thanks @guidovranken for reporting this issue. 👍
As far as I can determine, this problem only affects the API SymCryptEcDsaSignEx - this API is intended for testing where there is a known answer test with a specified K. Normally external callers would use SymCryptEcDsaSign which in turn calls SymCryptEcDsaSignEx with NULL piK. When piK is specified and is greater than or equal to the curve's order, as in the example, we break some internal assumptions.
As such I don't see this as a security issue, but I am intending to make some fixes in the next week to tighten this up, and will update this issue with details when I've published the changes.
samuel-lee-msft commented
This is now resolved - we explicitly check the provided value of piK is in the range [1, GOrd-1] when it is not NULL.