Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/crypto/openpgp: ReadMessage(): Panic on invalid input in math/big.nat.div() (division by zero) #11505

Closed
marete opened this issue Jul 1, 2015 · 3 comments
Closed

x/crypto/openpgp: ReadMessage(): Panic on invalid input in math/big.nat.div() (division by zero) #11505

marete opened this issue Jul 1, 2015 · 3 comments
Labels
FrozenDueToAge
Milestone
Unreleased

Comments

@marete
Copy link
Contributor

marete commented Jul 1, 2015

The following program panics:

package main

import (
    "bytes"
    "encoding/hex"
    "io"
    "log"
    "os"

    "golang.org/x/crypto/openpgp"
)

// An empty Keyring
type emptyKR struct {
}

func (kr emptyKR) KeysById(id uint64) []openpgp.Key {
    return nil
}

func (kr emptyKR) DecryptionKeys() []openpgp.Key {
    return nil
}

func (kr emptyKR) KeysByIdUsage(uint64, byte) []openpgp.Key {
    return nil
}

var data = "9c3004303030300100000011303030000000000000010130303030303030303030303030303030303030303030303030303030303030303030303030303030303030"

func main() {
    buf, err := hex.DecodeString(data)
    if err != nil {
        log.Fatalln(err)
    }

    md, err := openpgp.ReadMessage(bytes.NewBuffer(buf), emptyKR{},
        func([]openpgp.Key, bool) ([]byte, error) {
            return []byte("insecure"), nil
        }, nil)

    if err != nil {
        log.Fatalln(err)
    }

    _, err = io.Copy(os.Stdout, md.UnverifiedBody)
    if err != nil {
        log.Fatalln(err)
    }

    if md.SignatureError != nil {
        log.Fatalln("integrity check failed")
    }
}

with the trace:

panic: division by zero

goroutine 1 [running]:
math/big.nat.div(0x0, 0x0, 0x0, 0xc20803c570, 0x0, 0x5, 0x0, 0x0, 0x0, 0xc20803c570, ...)
    /opt/go/src/math/big/nat.go:503 +0xcb
math/big.(*Int).QuoRem(0xc208020320, 0xc2080200e0, 0xc2080202e0, 0xc2080202e0, 0x1, 0x5)
    /opt/go/src/math/big/int.go:224 +0xb6
math/big.(*Int).Mod(0xc2080202e0, 0xc2080200e0, 0xc2080202e0, 0xc2080202e0)
    /opt/go/src/math/big/int.go:255 +0x15c
crypto/rsa.(*PrivateKey).Precompute(0xc208068000)
    /opt/go/src/crypto/rsa/rsa.go:376 +0x1ba
golang.org/x/crypto/openpgp/packet.(*PrivateKey).parseRSAPrivateKey(0xc208040000, 0xc208066000, 0x22, 0x600, 0x0, 0x0)
    /home/marebri/devel/go/src/golang.org/x/crypto/openpgp/packet/private_key.go:266 +0x520
golang.org/x/crypto/openpgp/packet.(*PrivateKey).parsePrivateKey(0xc208040000, 0xc208066000, 0x22, 0x600, 0x0, 0x0)
    /home/marebri/devel/go/src/golang.org/x/crypto/openpgp/packet/private_key.go:234 +0x6c
golang.org/x/crypto/openpgp/packet.(*PrivateKey).parse(0xc208040000, 0x7f5e808d1bc0, 0xc208020080, 0x0, 0x0)
    /home/marebri/devel/go/src/golang.org/x/crypto/openpgp/packet/private_key.go:103 +0x3f8
golang.org/x/crypto/openpgp/packet.Read(0x7f5e808d1b60, 0xc2080120e0, 0x7f5e808d1be8, 0xc208040000, 0x0, 0x0)
    /home/marebri/devel/go/src/golang.org/x/crypto/openpgp/packet/packet.go:375 +0x152
golang.org/x/crypto/openpgp/packet.(*Reader).Next(0xc20803c330, 0x0, 0x0, 0x0, 0x0)
    /home/marebri/devel/go/src/golang.org/x/crypto/openpgp/packet/reader.go:37 +0x10c
golang.org/x/crypto/openpgp.ReadMessage(0x7f5e808d1b60, 0xc2080120e0, 0x7f5e808d1b88, 0x68c0a8, 0x5f0860, 0x0, 0xc208062000, 0x0, 0x0)
    /home/marebri/devel/go/src/golang.org/x/crypto/openpgp/read.go:101 +0x206
main.main()
    /home/marebri/devel/lab/go/crypto/openpgp/issues/50eccec52/main.go:40 +0x285

goroutine 2 [runnable]:
runtime.forcegchelper()
    /opt/go/src/runtime/proc.go:90
runtime.goexit()
    /opt/go/src/runtime/asm_amd64.s:2232 +0x1

goroutine 3 [runnable]:
runtime.bgsweep()
    /opt/go/src/runtime/mgc0.go:82
runtime.goexit()
    /opt/go/src/runtime/asm_amd64.s:2232 +0x1

goroutine 4 [runnable]:
runtime.runfinq()
    /opt/go/src/runtime/malloc.go:712
runtime.goexit()
    /opt/go/src/runtime/asm_amd64.s:2232 +0x1

Found using gofuzz. You may assign this issue to me.
@bradfitz
Copy link
Contributor

bradfitz commented Jul 2, 2015

What version of Go?

@marete
Copy link
Contributor Author

marete commented Jul 2, 2015

go version go1.4.2 linux/amd64

@ianlancetaylor ianlancetaylor added this to the Unreleased milestone Jul 10, 2015
@gopherbot
Copy link
Contributor

CL https://golang.org/cl/12356 mentions this issue.

benburkert pushed a commit to benburkert/openpgp that referenced this issue Feb 29, 2016
@ebfe @agl
x/crypto/openpgp/packet: validate parsed rsa private keys
6e60921 
parseRSAPrivateKey calls rsa.PrivateKey.Precompute which triggers
divide-by-zero panic if either p or q is 1. Sanity check the parsed
values by calling rsa.PrivateKey.Validate.

Fixes golang/go#11505

Change-Id: Ia6c9eccca0cfa49aaa58716e708c557a788bb204
Reviewed-on: https://go-review.googlesource.com/12356
Reviewed-by: Adam Langley <[email protected]>
@golang golang locked and limited conversation to collaborators Aug 5, 2016
c-expert-zigbee pushed a commit to c-expert-zigbee/crypto_go that referenced this issue Mar 28, 2022
@ebfe @agl
x/crypto/openpgp/packet: validate parsed rsa private keys
7c3d3bd 
parseRSAPrivateKey calls rsa.PrivateKey.Precompute which triggers
divide-by-zero panic if either p or q is 1. Sanity check the parsed
values by calling rsa.PrivateKey.Validate.

Fixes golang/go#11505

Change-Id: Ia6c9eccca0cfa49aaa58716e708c557a788bb204
Reviewed-on: https://go-review.googlesource.com/12356
Reviewed-by: Adam Langley <[email protected]>
c-expert-zigbee pushed a commit to c-expert-zigbee/crypto_go that referenced this issue Mar 29, 2022
@ebfe @c-expert-zigbee
x/crypto/openpgp/packet: validate parsed rsa private keys
4307ec8 
parseRSAPrivateKey calls rsa.PrivateKey.Precompute which triggers
divide-by-zero panic if either p or q is 1. Sanity check the parsed
values by calling rsa.PrivateKey.Validate.

Fixes golang/go#11505

Change-Id: Ia6c9eccca0cfa49aaa58716e708c557a788bb204
Reviewed-on: https://go-review.googlesource.com/12356
Reviewed-by: Adam Langley <[email protected]>
@rsc rsc unassigned marete Jun 23, 2022
BiiChris pushed a commit to BiiChris/crypto that referenced this issue Sep 15, 2023
@ebfe @agl
x/crypto/openpgp/packet: validate parsed rsa private keys
13f5946 
parseRSAPrivateKey calls rsa.PrivateKey.Precompute which triggers
divide-by-zero panic if either p or q is 1. Sanity check the parsed
values by calling rsa.PrivateKey.Validate.

Fixes golang/go#11505

Change-Id: Ia6c9eccca0cfa49aaa58716e708c557a788bb204
Reviewed-on: https://go-review.googlesource.com/12356
Reviewed-by: Adam Langley <[email protected]>
desdeel2d0m added a commit to desdeel2d0m/crypto that referenced this issue Jul 1, 2024
@desdeel2d0m @agl
x/crypto/openpgp/packet: validate parsed rsa private keys
c380cf6 
parseRSAPrivateKey calls rsa.PrivateKey.Precompute which triggers
divide-by-zero panic if either p or q is 1. Sanity check the parsed
values by calling rsa.PrivateKey.Validate.

Fixes golang/go#11505

Change-Id: Ia6c9eccca0cfa49aaa58716e708c557a788bb204
Reviewed-on: https://go-review.googlesource.com/12356
Reviewed-by: Adam Langley <[email protected]>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
4 participants
@bradfitz @marete @ianlancetaylor @gopherbot