oss-sec mailing list archives
CVE Assignment for Crypto++ and "AES and incorrect argument to _freea() under Microsoft compilers"
From: Jeffrey Walton <noloader () gmail com>
Date: Thu, 22 Sep 2016 21:39:41 -0400
CVE assignment, please. === INTRODUCTION === John Byrd reported a crash in Crypto++'s AES implementation under Microsoft compilers due to use of `_malloca`, `AliasedWithTables` and `_freea`. Crypto++ can potentially free the wrong pointer when the pointer is adjusted to flush cache lines to avoid Bernstein's cache timing attacks. === SCOPE === The bug only affects Crypto++ 5.6.4 and was introduced at http://github.com/weidai11/cryptopp/commit/823bc93357da32a3a4a2b71b9915a4e124839d18. The bug is specific to Windows and Microsoft compilers because its guarded by `_MSC_VER`. The bug does not affect Unix and Linux; and does not affect non-Microsoft compilers on Windows, like ICC and Borland. === DETAILS === The code in question asks `_malloca` for a block of memory. The code also over-commits the size and adjust the pointer to a 256-byte boundary. The pointer is sent `AliasedWithTables` to flush cache lines. If `AliasedWithTables` cannot perform the flush, then it returns false. Upon the false return, the code reallocates, adjusts the pointer and calls `AliasedWithTables` again. Eventually the call succeeds. After the code in question completes, it frees the adjusted pointer and not the original pointer using `_freea`. `alloca` is on Microsoft's [SDLC banned function list (http://msdn.microsoft.com/en-us/library/bb288454.aspx). The code was migrated from `alloca` to `_malloca` for C&A purposes. `_malloca` and `_freea` are Microsoft SDLC functions. Microsoft sometimes uses the heap rather than the stack for `_malloca`, and that's the reason `_freea` is needed. === CORRECTION === The issue is being tracked at https://github.com/weidai11/cryptopp/issues/302. The code will be fixed by using the correct pointer. The fix will be pushed within about two weeks along with CVE-2016-7420.
Current thread:
- CVE Assignment for Crypto++ and "AES and incorrect argument to _freea() under Microsoft compilers" Jeffrey Walton (Sep 23)