NetBSD Problem Report #44539

From www@NetBSD.org  Wed Feb  9 18:37:32 2011
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id CFB0A63B873
	for <gnats-bugs@gnats.NetBSD.org>; Wed,  9 Feb 2011 18:37:31 +0000 (UTC)
Message-Id: <20110209183730.E553E63B842@www.NetBSD.org>
Date: Wed,  9 Feb 2011 18:37:30 +0000 (UTC)
From: M.Drochner@fz-juelich.de
Reply-To: M.Drochner@fz-juelich.de
To: gnats-bugs@NetBSD.org
Subject: opencrypto DEFLATE compression output is not correctly terminated
X-Send-Pr-Version: www-1.0

>Number:         44539
>Category:       kern
>Synopsis:       opencrypto DEFLATE compression output is not correctly terminated
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Feb 09 18:40:00 +0000 2011
>Closed-Date:    Thu Feb 10 21:23:25 +0000 2011
>Last-Modified:  Thu Feb 10 21:23:25 +0000 2011
>Originator:     Matthias Drochner
>Release:        current
>Organization:
FZJ
>Environment:
NetBSD zelz27 5.99.44 NetBSD 5.99.44 (MIST+MP+MODS) #178: Wed Feb  9 18:35:07 MET 2
011  drochner@zelz27:/home/drochner/netbsd/work.src.usbdev/sys/arch/i386/compile/MI
ST+MP+MODS i386

>Description:
The code in opencrypto/deflate.c fails to set the Z_FINISH flag
to deflate() to tell that a particular input data chunk is the
last one. (It is a trivial case here because the input data
is a single contigous block in opencrypto.)
This makes that the compressed output doesn't have the flag set
which indicates the end to the decompressor. (For details, look at
http://www.gzip.org/zlib/rfc-deflate.html -- the "BFINAL"-Bit
is the missing one.)
Apparently, the decompressors in NetBSD's IPSEC implementations
(KAME and FAST_IPSEC) ate lazy enough to ignore this, but the
might be interoperability problems.

>How-To-Repeat:
-code inspection (the code in netinet6/ipcomp_core.c is correct)
-look at IPCOMP network packets sent by FAST_IPSEC
-run the test program which I'll send as mail attachment

>Fix:
(This also replaces the deprecated Z_PARTIAL_FLUSH in inflate().)
Change the calls to inflate/deflate to do:
   error = decomp ? inflate(&zbuf, Z_SYNC_FLUSH) :
                    deflate(&zbuf, Z_FINISH);

This is tested to interoperate with a NetBSD box running KAME IPSEC.

>Release-Note:

>Audit-Trail:
From: Matthias Drochner <M.Drochner@fz-juelich.de>
To: gnats-bugs@netbsd.org, netbsd-bugs@netbsd.org
Cc: 
Subject: Re: kern/44539: opencrypto DEFLATE compression output is not 
 correctly terminated
Date: Wed, 9 Feb 2011 20:02:12 +0100

 --==_Exmh_83353830120
 Content-Type: text/plain; charset="us-ascii"
 Content-Transfer-Encoding: quoted-printable


 Here is the test program. It compresses some data using opencrypto
 and decompresses it with userland zlib.
 It fails with current sources and succeeds after the patch in the PR
 is applied.
 (needs eg. "sysctl -w kern.cryptodevallowsoft=3D0" for permission)


 ---------------------------------------------------------------------------=
 ---------------------
 ---------------------------------------------------------------------------=
 ---------------------
 Forschungszentrum Juelich GmbH
 52425 Juelich
 Sitz der Gesellschaft: Juelich
 Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
 Vorsitzender des Aufsichtsrats: MinDirig Dr. Karl Eugen Huthmacher
 Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender),
 Dr. Ulrich Krafft (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
 Prof. Dr. Sebastian M. Schmidt
 ---------------------------------------------------------------------------=
 ---------------------
 ---------------------------------------------------------------------------=
 ---------------------

 --==_Exmh_83353830120
 Content-Type: text/plain; name="comptest_zlib.c"; charset="us-ascii"
 Content-Description: comptest_zlib.c
 Content-Disposition: attachment; filename="comptest_zlib.c"

 #include <fcntl.h>
 #include <sys/ioctl.h>
 #include <sys/time.h>
 #include <crypto/cryptodev.h>
 #include <string.h>
 #include <err.h>
 #include <zlib.h>

 char text[10000] = {0};

 int
 main()
 {
 	int fd, res;
 	struct session_op cs;
 	struct crypt_op co1;
 	unsigned char buf1[10000], buf2[10000];
 	z_stream z;

 	fd = open("/dev/crypto", O_RDWR, 0);
 	if (fd < 0)
 		err(1, "open");
 	memset(&cs, 0, sizeof(cs));
 	cs.comp_alg = CRYPTO_DEFLATE_COMP;
 	res = ioctl(fd, CIOCGSESSION, &cs);
 	if (res < 0)
 		err(1, "CIOCGSESSION");

 	memset(&co1, 0, sizeof(co1));
 	co1.ses = cs.ses;
 	co1.op = COP_COMP;
 	co1.len = sizeof(text);
 	co1.src = text;
 	co1.dst = buf1;
 	co1.dst_len = sizeof(buf1);
 	res = ioctl(fd, CIOCCRYPT, &co1);
 	if (res < 0)
 		err(1, "CIOCCRYPT");

 	memset(&z, 0, sizeof(z));
 	z.next_in = buf1;
 	z.avail_in = co1.dst_len;
 	z.zalloc = Z_NULL;
 	z.zfree = Z_NULL;
 	z.opaque = 0;
 	z.next_out = buf2;
 	z.avail_out = sizeof(buf2);
 	res = inflateInit2(&z, -15);
 	if (res != Z_OK)
 		errx(1, "inflateInit: %d", res);
 	do {
 		res = inflate(&z, Z_SYNC_FLUSH);
 	} while (res == Z_OK);
 	if (res != Z_STREAM_END)
 		errx(1, "inflate: %d", res);
 	if (z.total_out != sizeof(text))
 		errx(1, "decomp len %lu", z.total_out);
 	if (memcmp(buf2, text, sizeof(text)))
 		errx(1, "decomp data mismatch");
 	return 0;
 }

 --==_Exmh_83353830120--

From: "Matthias Drochner" <drochner@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/44539 CVS commit: src/sys/opencrypto
Date: Thu, 10 Feb 2011 21:17:50 +0000

 Module Name:	src
 Committed By:	drochner
 Date:		Thu Feb 10 21:17:49 UTC 2011

 Modified Files:
 	src/sys/opencrypto: deflate.c

 Log Message:
 whan compressing, set the Z_FINISH flag to zlib to tell that
 the data chunk is the final one, which makes that zlib issues the
 proper termination marker
 (KAME IPSEC does this, but doesn't check eagerly in the receive
 path, so the missing termination didn't cause problems so far)
 closes my PR kern/44539
 being here, replace the Z_PARTIAL_FLUSH flag which is marked
 deprecated by zlib by Z_SYNC_FLUSH in the decompression path
 (tested with IPv4 IPCOMP on i386)


 To generate a diff of this commit:
 cvs rdiff -u -r1.13 -r1.14 src/sys/opencrypto/deflate.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->closed
State-Changed-By: drochner@NetBSD.org
State-Changed-When: Thu, 10 Feb 2011 21:23:25 +0000
State-Changed-Why:
fixed in HEAD


>Unformatted:

Home	PR Database Search