>From arcfour.c: http://mxr.mozilla.org/mozilla/source/security/nss/lib/freebl/arcfour.c#390
My guess is that valgrind is considering malloc(5) to allocate 5 bytes, when really it allocates 8 bytes at least (because of alignment). Regards, Brian > -----Original Message----- > From: dev-tech-crypto-bounces+brian=briansmith....@lists.mozilla.org > [mailto:dev-tech-crypto-bounces+brian=briansmith....@lists.mozilla.org] On > Behalf Of Mads Kiilerich > Sent: Monday, June 21, 2010 7:06 PM > To: Robert Relyea > Cc: mozilla's crypto code discussion list > Subject: Re: PK11_CipherOp with RC4 and invalid memory access > > Robert Relyea wrote, On 06/22/2010 01:54 AM: > > On 06/19/2010 01:43 PM, Mads Kiilerich wrote: > > > >> Hi > >> > >> I'm trying to port an application from OpenSSL to NSS. The biggest > >> problem right now is that valgrind reports that NSS accesses invalid > >> memory when using RC4. There is no problem with chunk sizes up to 8 > >> and sizes divisible with 4, but for other sizes it access the source > >> and destination in chunks of 4 bytes. > >> > >> Do I do something wrong, or is it a bug or feature of NSS? Is this > >> behaviour documented somewhere? > >> > >> I'm using nss-3.12.6-7.fc13.i686 > >> > >> /Mads > >> > > IIRC you can ignore the read valgrind warnings in this case. The code > > is grabbing data a word at a time for efficiency reasons, then masking > > or shifting out the part that was read from uninitialized memory. > > > > Yes, it works correctly, so I assume that it doesn't use the extra bytes. It is > however not just reading uninitialized memory (which valgrind usually tracks > correctly), but it reads unallocated memory. It is also interesting that it doesn't > read beyond the bounds for small sizes, so it seems like there is some smart logic > that doesn't work. > > The example do however also show that it writes unallocated memory. That > looks like a genuine buffer overflow which could have security implications? > > /Mads > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
