NetBSD Problem Report #44539
From www@NetBSD.org Wed Feb 9 18:37:32 2011
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id CFB0A63B873
for <gnats-bugs@gnats.NetBSD.org>; Wed, 9 Feb 2011 18:37:31 +0000 (UTC)
Message-Id: <20110209183730.E553E63B842@www.NetBSD.org>
Date: Wed, 9 Feb 2011 18:37:30 +0000 (UTC)
From: M.Drochner@fz-juelich.de
Reply-To: M.Drochner@fz-juelich.de
To: gnats-bugs@NetBSD.org
Subject: opencrypto DEFLATE compression output is not correctly terminated
X-Send-Pr-Version: www-1.0
>Number: 44539
>Category: kern
>Synopsis: opencrypto DEFLATE compression output is not correctly terminated
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Feb 09 18:40:00 +0000 2011
>Closed-Date: Thu Feb 10 21:23:25 +0000 2011
>Last-Modified: Thu Feb 10 21:23:25 +0000 2011
>Originator: Matthias Drochner
>Release: current
>Organization:
FZJ
>Environment:
NetBSD zelz27 5.99.44 NetBSD 5.99.44 (MIST+MP+MODS) #178: Wed Feb 9 18:35:07 MET 2
011 drochner@zelz27:/home/drochner/netbsd/work.src.usbdev/sys/arch/i386/compile/MI
ST+MP+MODS i386
>Description:
The code in opencrypto/deflate.c fails to set the Z_FINISH flag
to deflate() to tell that a particular input data chunk is the
last one. (It is a trivial case here because the input data
is a single contigous block in opencrypto.)
This makes that the compressed output doesn't have the flag set
which indicates the end to the decompressor. (For details, look at
http://www.gzip.org/zlib/rfc-deflate.html -- the "BFINAL"-Bit
is the missing one.)
Apparently, the decompressors in NetBSD's IPSEC implementations
(KAME and FAST_IPSEC) ate lazy enough to ignore this, but the
might be interoperability problems.
>How-To-Repeat:
-code inspection (the code in netinet6/ipcomp_core.c is correct)
-look at IPCOMP network packets sent by FAST_IPSEC
-run the test program which I'll send as mail attachment
>Fix:
(This also replaces the deprecated Z_PARTIAL_FLUSH in inflate().)
Change the calls to inflate/deflate to do:
error = decomp ? inflate(&zbuf, Z_SYNC_FLUSH) :
deflate(&zbuf, Z_FINISH);
This is tested to interoperate with a NetBSD box running KAME IPSEC.
>Release-Note:
>Audit-Trail:
From: Matthias Drochner <M.Drochner@fz-juelich.de>
To: gnats-bugs@netbsd.org, netbsd-bugs@netbsd.org
Cc:
Subject: Re: kern/44539: opencrypto DEFLATE compression output is not
correctly terminated
Date: Wed, 9 Feb 2011 20:02:12 +0100
--==_Exmh_83353830120
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Here is the test program. It compresses some data using opencrypto
and decompresses it with userland zlib.
It fails with current sources and succeeds after the patch in the PR
is applied.
(needs eg. "sysctl -w kern.cryptodevallowsoft=3D0" for permission)
---------------------------------------------------------------------------=
---------------------
---------------------------------------------------------------------------=
---------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDirig Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender),
Dr. Ulrich Krafft (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
---------------------------------------------------------------------------=
---------------------
---------------------------------------------------------------------------=
---------------------
--==_Exmh_83353830120
Content-Type: text/plain; name="comptest_zlib.c"; charset="us-ascii"
Content-Description: comptest_zlib.c
Content-Disposition: attachment; filename="comptest_zlib.c"
#include <fcntl.h>
#include <sys/ioctl.h>
#include <sys/time.h>
#include <crypto/cryptodev.h>
#include <string.h>
#include <err.h>
#include <zlib.h>
char text[10000] = {0};
int
main()
{
int fd, res;
struct session_op cs;
struct crypt_op co1;
unsigned char buf1[10000], buf2[10000];
z_stream z;
fd = open("/dev/crypto", O_RDWR, 0);
if (fd < 0)
err(1, "open");
memset(&cs, 0, sizeof(cs));
cs.comp_alg = CRYPTO_DEFLATE_COMP;
res = ioctl(fd, CIOCGSESSION, &cs);
if (res < 0)
err(1, "CIOCGSESSION");
memset(&co1, 0, sizeof(co1));
co1.ses = cs.ses;
co1.op = COP_COMP;
co1.len = sizeof(text);
co1.src = text;
co1.dst = buf1;
co1.dst_len = sizeof(buf1);
res = ioctl(fd, CIOCCRYPT, &co1);
if (res < 0)
err(1, "CIOCCRYPT");
memset(&z, 0, sizeof(z));
z.next_in = buf1;
z.avail_in = co1.dst_len;
z.zalloc = Z_NULL;
z.zfree = Z_NULL;
z.opaque = 0;
z.next_out = buf2;
z.avail_out = sizeof(buf2);
res = inflateInit2(&z, -15);
if (res != Z_OK)
errx(1, "inflateInit: %d", res);
do {
res = inflate(&z, Z_SYNC_FLUSH);
} while (res == Z_OK);
if (res != Z_STREAM_END)
errx(1, "inflate: %d", res);
if (z.total_out != sizeof(text))
errx(1, "decomp len %lu", z.total_out);
if (memcmp(buf2, text, sizeof(text)))
errx(1, "decomp data mismatch");
return 0;
}
--==_Exmh_83353830120--
From: "Matthias Drochner" <drochner@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/44539 CVS commit: src/sys/opencrypto
Date: Thu, 10 Feb 2011 21:17:50 +0000
Module Name: src
Committed By: drochner
Date: Thu Feb 10 21:17:49 UTC 2011
Modified Files:
src/sys/opencrypto: deflate.c
Log Message:
whan compressing, set the Z_FINISH flag to zlib to tell that
the data chunk is the final one, which makes that zlib issues the
proper termination marker
(KAME IPSEC does this, but doesn't check eagerly in the receive
path, so the missing termination didn't cause problems so far)
closes my PR kern/44539
being here, replace the Z_PARTIAL_FLUSH flag which is marked
deprecated by zlib by Z_SYNC_FLUSH in the decompression path
(tested with IPv4 IPCOMP on i386)
To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/sys/opencrypto/deflate.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: drochner@NetBSD.org
State-Changed-When: Thu, 10 Feb 2011 21:23:25 +0000
State-Changed-Why:
fixed in HEAD
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.