Thank you Jan. This is a good thing to fix, but I had a hard time envisioning a
security issue with it. Will see about backporting it though.
Regards
- Brent
> On Oct 26, 2017, at 6:50 PM, Jan Engelhardt <jeng...@inai.de> wrote:
>
>
> libressl-2.6.2 is susceptible to an out-of-bounds read:
>
> #include <openssl/des.h>
> int main(void) {
> char salt[3] = {0xf8, 0xd0, 0x00};
> char out[32];
> DES_fcrypt("foo", salt, out);
> }
>
> Place in libressl's fcrypt.c:
> x=ret[0]=((salt[0] == '\0')?'A':salt[0]);
> Eswap0=con_salt[x]<<2; // boom
>
> ASM: => 0x00007ffff77a6fa8 <+56>: movzbl (%rcx,%rdx,1),%ebp
> rcx = con_salt
> rdx = 0xfffffff8
>
>
> Because salt[0] is -8, x will be 0xfffffff8 due to
> type promotion and conversion. con_salt[0xfffffff8]
> is then evaluted, which bombs out.
>
> openssl 1.1.x has it fixed (but 1.0.2l does not!) - their commit
> seems to be 6493e4801e9edbe1ad1e256d4ce9cd55c8aa2242 in
> https://github.com/openssl/openssl .
>
