Debian Bug report logs - #403075
cryptsetup luksOpen can kill unrelated processes (out of memory killer)

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Rob Walker <rob@tenfoot.org.uk>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Cc: rob@tenfoot.org.uk, Debian Security Team <team@security.debian.org>

Subject: cryptsetup luksOpen can kill unrelated processes (out of memory killer)

Date: Thu, 14 Dec 2006 13:46:33 +0000

Package: cryptsetup
Version: 2:1.0.4-8
Severity: grave
Tags: security
Justification: user security hole

If I run cryptsetup luksOpen, giving it a file instead of a device, it tries
to allocate lots of memory, eventually triggering the oomkiller to kill
processes.  

A normal user can do this, so this could be used for some kind of
denial of service attack: system performance will be impaired and processes of
other users may be killed.  Hence the grave serverity.

To reproduce

  # produce a dummy file
  dd if=/dev/zero of=/tmp/foo bs=1k count=1024

  # try to run cryptsetup
  /sbin/cryptsetup luksOpen /tmp/foo /dev/mapper/_tmp_foo

The user will be prompted for a password.  After entering it, the system
freezes until the oomkiller kills cryptsetup.

Regards

Rob


-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages cryptsetup depends on:
ii  dmsetup  2:1.02.08-1                     The Linux Kernel Device Mapper use
ii  libc6    2.3.6.ds1-8                     GNU C Library: Shared libraries
ii  libdevma 2:1.02.08-1                     The Linux Kernel Device Mapper use
ii  libgcryp 1.2.3-2                         LGPL Crypto library - runtime libr
ii  libgpg-e 1.4-1                           library for common error values an
ii  libpopt0 1.10-3                          lib for parsing cmdline parameters
ii  libuuid1 1.39+1.40-WIP-2006.11.14+dfsg-1 universally unique id library

cryptsetup recommends no packages.

-- no debconf information

Message #10 received at 403075@bugs.debian.org (full text, mbox, reply):

From: David Härdeman <david@hardeman.nu>

To: Rob Walker <rob@tenfoot.org.uk>, 403075@bugs.debian.org

Cc: Debian Security Team <team@security.debian.org>

Subject: Re: [Pkg-cryptsetup-devel] Bug#403075: cryptsetup luksOpen can kill unrelated processes (out of memory killer)

Date: Thu, 14 Dec 2006 19:22:23 +0100

severity 403075 normal
tags 403075 -security
tags 403075 +moreinfo
thanks

On Thu, Dec 14, 2006 at 01:46:33PM +0000, Rob Walker wrote:
>Package: cryptsetup
>Version: 2:1.0.4-8
>Severity: grave
>Tags: security
>Justification: user security hole
>
>If I run cryptsetup luksOpen, giving it a file instead of a device, it tries
>to allocate lots of memory, eventually triggering the oomkiller to kill
>processes.  
>
>A normal user can do this, so this could be used for some kind of
>denial of service attack: system performance will be impaired and processes of
>other users may be killed.  Hence the grave serverity.

Ehh..any user can run a process which uses any amount of memory 
unless you use ulimit.

I agree this would be a bug in crypsetup, but calling it a user security 
hole is not correct.

>To reproduce
>
>  # produce a dummy file
>  dd if=/dev/zero of=/tmp/foo bs=1k count=1024
>
>  # try to run cryptsetup
>  /sbin/cryptsetup luksOpen /tmp/foo /dev/mapper/_tmp_foo

The first argument after luksOpen should be a device, the second should 
be a mapping name.

/tmp/foo is no device, it's a file.

/dev/mapper/_tmp_foo is no mapping name, it's a complete path.

The correct syntax would be something like:
/sbin/cryptsetup luksOpen /dev/something tmpfoo


Furthermore, I can't reproduce this (using the version currently in unstable):

# dd if=/dev/zero of=/tmp/foo bs=1k count=1024
# losetup -f /tmp/foo
# crypsetup luksOpen /dev/loop0 tmpfoo
# Enter LUKS passphrase: 
# /dev/loop0 is not a LUKS partition
# cryptsetup luksFormat /dev/loop0

WARNING!
========
This will overwrite data on /dev/loop0 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase: 
Verify passphrase: 
Command successful.
# cryptsetup luksOpen /dev/loop0 footmp
Enter LUKS passphrase: 
key slot 0 unlocked.
Command successful.
# ls -al /dev/mapper/footmp
brw-rw---- 1 root disk 254, 3 2006-12-14 19:14 /dev/mapper/footmp
# cryptsetup remove footmp
# losetup -d /dev/loop0


-- 
David Härdeman

Message #21 received at 403075@bugs.debian.org (full text, mbox, reply):

From: "Rob Walker" <rob@tenfoot.org.uk>

To: "David Härdeman" <david@hardeman.nu>

Cc: 403075@bugs.debian.org

Subject: Re: [Pkg-cryptsetup-devel] Bug#403075: cryptsetup luksOpen can kill unrelated processes (out of memory killer)

Date: Thu, 14 Dec 2006 23:08:26 +0000

> >A normal user can do this, so this could be used for some kind of
> >denial of service attack: system performance will be impaired and processes of
> >other users may be killed.  Hence the grave serverity.
>
> Ehh..any user can run a process which uses any amount of memory
> unless you use ulimit.
>
> I agree this would be a bug in crypsetup, but calling it a user security
> hole is not correct.
>
Fair enough


> >To reproduce
> >
> >  # produce a dummy file
> >  dd if=/dev/zero of=/tmp/foo bs=1k count=1024
> >
> >  # try to run cryptsetup
> >  /sbin/cryptsetup luksOpen /tmp/foo /dev/mapper/_tmp_foo
>
> The first argument after luksOpen should be a device, the second should
> be a mapping name.
>
> /tmp/foo is no device, it's a file.
>
> /dev/mapper/_tmp_foo is no mapping name, it's a complete path.
>
> The correct syntax would be something like:
> /sbin/cryptsetup luksOpen /dev/something tmpfoo
>
I know the syntax to the cryptsetup command I gave is incorrect, but
crypt setup should catch such errors and print a useful warning
message rather than lock up the system

>
> Furthermore, I can't reproduce this (using the version currently in unstable):
>
> # dd if=/dev/zero of=/tmp/foo bs=1k count=1024
> # losetup -f /tmp/foo
> # crypsetup luksOpen /dev/loop0 tmpfoo
> # Enter LUKS passphrase:
> # /dev/loop0 is not a LUKS partition
> # cryptsetup luksFormat /dev/loop0
>
> WARNING!
> ========
> This will overwrite data on /dev/loop0 irrevocably.
>
> Are you sure? (Type uppercase yes): YES
> Enter LUKS passphrase:
> Verify passphrase:
> Command successful.
> # cryptsetup luksOpen /dev/loop0 footmp
> Enter LUKS passphrase:
> key slot 0 unlocked.
> Command successful.
> # ls -al /dev/mapper/footmp
> brw-rw---- 1 root disk 254, 3 2006-12-14 19:14 /dev/mapper/footmp
> # cryptsetup remove footmp
> # losetup -d /dev/loop0
>
>
Yes, these commands work OK.  I only discovered the bug when I made a
mistake in experimenting with cryptsetup

Regards

Rob

Message #26 received at 403075@bugs.debian.org (full text, mbox, reply):

From: David Härdeman <david@hardeman.nu>

To: Rob Walker <rob@tenfoot.org.uk>, 403075@bugs.debian.org

Subject: Re: Bug#403075: [Pkg-cryptsetup-devel] Bug#403075: cryptsetup luksOpen can kill unrelated processes (out of memory killer)

Date: Fri, 15 Dec 2006 01:29:53 +0100

On Thu, Dec 14, 2006 at 11:08:26PM +0000, Rob Walker wrote:
>>The correct syntax would be something like:
>>/sbin/cryptsetup luksOpen /dev/something tmpfoo
>>
>I know the syntax to the cryptsetup command I gave is incorrect, but
>crypt setup should catch such errors and print a useful warning
>message rather than lock up the system
>
>>
>>Furthermore, I can't reproduce this (using the version currently in 
>>unstable):
<snip>
>>...
>Yes, these commands work OK.  I only discovered the bug when I made a
>mistake in experimenting with cryptsetup

Problem is I can't reproduce the bug with your commands either 
(executing them as a regular user):

(david@austin:~)$ dd if=/dev/zero of=/tmp/foo bs=1k count=1024
1024+0 records in
1024+0 records out
1048576 bytes (1.0 MB) copied, 0.0060463 seconds, 173 MB/s
(david@austin:~)$ /sbin/cryptsetup luksOpen /tmp/foo /dev/mapper/_tmp_foo
Enter LUKS passphrase: 
/tmp/foo is not a LUKS partition
Enter LUKS passphrase: 
/tmp/foo is not a LUKS partition
Enter LUKS passphrase: 
/tmp/foo is not a LUKS partition
Command failed: No key available with this passphrase.

(david@austin:~)$

Are you able to reproduce the error with the version of cryptsetup that 
is currently in unstable?

-- 
David Härdeman

Message #31 received at 403075@bugs.debian.org (full text, mbox, reply):

From: Rob Walker <rob@tenfoot.org.uk>

To: 403075@bugs.debian.org

Subject: cryptsetup luksOpen can kill unrelated processes (out of memory killer)

Date: Tue, 19 Dec 2006 22:07:25 +0000

> Problem is I can't reproduce the bug with your commands either
> (executing them as a regular user):
>
> (david@austin:~)$ dd if=/dev/zero of=/tmp/foo bs=1k count=1024
> 1024+0 records in
> 1024+0 records out
> 1048576 bytes (1.0 MB) copied, 0.0060463 seconds, 173 MB/s
> (david@austin:~)$ /sbin/cryptsetup luksOpen /tmp/foo /dev/mapper/_tmp_foo
> Enter LUKS passphrase:
> /tmp/foo is not a LUKS partition
> Enter LUKS passphrase:
> /tmp/foo is not a LUKS partition
> Enter LUKS passphrase:
> /tmp/foo is not a LUKS partition
> Command failed: No key available with this passphrase.
>
> (david@austin:~)$
>
> Are you able to reproduce the error with the version of cryptsetup that
> is currently in unstable?

I can reproduce the bug using the cryptsetup from unstable.  I've also tried 
it on another machine with the same results.

The unrelated process killing only seems to happen when I try it as root; 
running as a regular user usually only kills cryptsetup.

Regards

Rob

Message #36 received at 403075@bugs.debian.org (full text, mbox, reply):

From: David Härdeman <david@hardeman.nu>

To: Rob Walker <rob@tenfoot.org.uk>, 403075@bugs.debian.org

Subject: Re: [Pkg-cryptsetup-devel] Bug#403075: cryptsetup luksOpen can kill unrelated processes (out of memory killer)

Date: Wed, 20 Dec 2006 02:07:57 +0100

On Tue, Dec 19, 2006 at 10:07:25PM +0000, Rob Walker wrote:
>> Problem is I can't reproduce the bug with your commands either
>> (executing them as a regular user):
>>
>> (david@austin:~)$ dd if=/dev/zero of=/tmp/foo bs=1k count=1024
>> 1024+0 records in
>> 1024+0 records out
>> 1048576 bytes (1.0 MB) copied, 0.0060463 seconds, 173 MB/s
>> (david@austin:~)$ /sbin/cryptsetup luksOpen /tmp/foo /dev/mapper/_tmp_foo
>> Enter LUKS passphrase:
>> /tmp/foo is not a LUKS partition
>> Enter LUKS passphrase:
>> /tmp/foo is not a LUKS partition
>> Enter LUKS passphrase:
>> /tmp/foo is not a LUKS partition
>> Command failed: No key available with this passphrase.
>>
>> (david@austin:~)$
>>
>> Are you able to reproduce the error with the version of cryptsetup that
>> is currently in unstable?
>
>I can reproduce the bug using the cryptsetup from unstable.  I've also tried 
>it on another machine with the same results.

Ok, could you then provide me with the exact steps that you took to 
reproduce it cause so far I haven't managed to do so.

-- 
David Härdeman

Message #41 received at 403075@bugs.debian.org (full text, mbox, reply):

From: Rob Walker <rob@tenfoot.org.uk>

To: David Härdeman <david@hardeman.nu>

Cc: 403075@bugs.debian.org

Subject: Re: [Pkg-cryptsetup-devel] Bug#403075: cryptsetup luksOpen can kill unrelated processes (out of memory killer)

Date: Wed, 20 Dec 2006 10:32:19 +0000

[Message part 1 (text/plain, inline)]

> >>
> >> Are you able to reproduce the error with the version of cryptsetup that
> >> is currently in unstable?
> >
> >I can reproduce the bug using the cryptsetup from unstable.  I've also
> > tried it on another machine with the same results.
>
> Ok, could you then provide me with the exact steps that you took to
> reproduce it cause so far I haven't managed to do so.


I think I've found the problem.  In lib/utils.c, the sector_size function is 
this:

static int sector_size(int fd) 
{
	int bsize;
	ioctl(fd,BLKSSZGET, &bsize);
	return bsize;
}


For a file, the ioctl will fail.  Since bsize is not initialized, it's value 
will be random (when I ran it under gdb, I got several million) and as this 
value will later be used to allocate a buffer, this explains the runaway 
memory allocation I saw, but you didn't.

The attached patch checks the return code from ioctl and returns -EINVAL if it 
fails.  The users of sector_size are also changed to abort if sector_size 
returns a negative value.   

With this patch applied, I get the appropriate error messages from cryptsetup 
if I give it a file instead of a block device.

Regards

Rob

[cryptsetup_sector_size_error.patch (text/x-diff, attachment)]

Message #46 received at 403075@bugs.debian.org (full text, mbox, reply):

From: David Härdeman <david@hardeman.nu>

To: "Rob Walker" <rob@tenfoot.org.uk>

Cc: 403075@bugs.debian.org, jonas@freesources.org

Subject: Re: [Pkg-cryptsetup-devel] Bug#403075: cryptsetup luksOpen can kill unrelated processes (out of memory killer)

Date: Wed, 20 Dec 2006 13:28:31 +0100 (CET)

On Wed, December 20, 2006 11:32, Rob Walker said:
>> >I can reproduce the bug using the cryptsetup from unstable.  I've also
>> > tried it on another machine with the same results.
>>
>> Ok, could you then provide me with the exact steps that you took to
>> reproduce it cause so far I haven't managed to do so.
>
>
> I think I've found the problem.  In lib/utils.c, the sector_size function
> is
> this:
>
> static int sector_size(int fd)
> {
> 	int bsize;
> 	ioctl(fd,BLKSSZGET, &bsize);
> 	return bsize;
> }
>
>
> For a file, the ioctl will fail.  Since bsize is not initialized, it's
> value will be random

Thanks, a self-fixing bug report is always nice :)

The patch looks sane, unfortunately I'm leaving for a two-week vacation in
about two hours. Hopefully Jonas will have time to add this fix and
release a new version.

Later it would probably be good to add checks too make sure that the
device argument is a block device and not something else, in order to
provide more helpful messages to the user. That can be implemented later
though.

-- 
David Härdeman

Message #53 received at 403075-close@bugs.debian.org (full text, mbox, reply):

From: Jonas Meurer <mejo@debian.org>

To: 403075-close@bugs.debian.org

Subject: Bug#403075: fixed in cryptsetup 2:1.0.4+svn26-1

Date: Tue, 09 Jan 2007 21:17:02 +0000

Source: cryptsetup
Source-Version: 2:1.0.4+svn26-1

We believe that the bug you reported is fixed in the latest version of
cryptsetup, which is due to be installed in the Debian FTP archive:

cryptsetup-udeb_1.0.4+svn26-1_amd64.udeb
  to pool/main/c/cryptsetup/cryptsetup-udeb_1.0.4+svn26-1_amd64.udeb
cryptsetup_1.0.4+svn26-1.diff.gz
  to pool/main/c/cryptsetup/cryptsetup_1.0.4+svn26-1.diff.gz
cryptsetup_1.0.4+svn26-1.dsc
  to pool/main/c/cryptsetup/cryptsetup_1.0.4+svn26-1.dsc
cryptsetup_1.0.4+svn26-1_amd64.deb
  to pool/main/c/cryptsetup/cryptsetup_1.0.4+svn26-1_amd64.deb
cryptsetup_1.0.4+svn26.orig.tar.gz
  to pool/main/c/cryptsetup/cryptsetup_1.0.4+svn26.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 403075@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonas Meurer <mejo@debian.org> (supplier of updated cryptsetup package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue,  9 Jan 2007 21:53:06 +0100
Source: cryptsetup
Binary: cryptsetup cryptsetup-udeb
Architecture: source amd64
Version: 2:1.0.4+svn26-1
Distribution: unstable
Urgency: high
Maintainer: Jonas Meurer <mejo@debian.org>
Changed-By: Jonas Meurer <mejo@debian.org>
Description: 
 cryptsetup - configures encrypted block devices
 cryptsetup-udeb - configures encrypted block devices (udeb)
Closes: 398429 402417 403075 405301
Changes: 
 cryptsetup (2:1.0.4+svn26-1) unstable; urgency=high
 .
   [ Jonas Meurer ]
   * New upstream svn snapshot 1.0.4+svn26
     - contains a slightly modified patch by Rob Walker
       <rob@tenfoot.org.uk> to fix a sector size error. (closes: #403075)
     - fixes a LUKS header corruption on arm, which downgrades bug
       #403426 from critical to important.
     - prevents password retrying with I/O errors.
   * handle chainmode/essiv "plain" correctly in initramfs hook.
     Thanks to Leonard Norrgard. (closes: #402417)
   * remove 'rm -rf m4' from a clean target in debian/rules.
   * urgency=high to get this into etch.
 .
   [ David Härdeman ]
   * Document the difference in default hash functions between the
     initramfs scripts and the plain cryptsetup binary. (closes: #398429)
   * Verify symlinks for source devices when initramfs is generated and
     correct if necessary. (closes: #405301)
Files: 
 f1f1fc2f3b0030f6597399017806ec40 831 admin optional cryptsetup_1.0.4+svn26-1.dsc
 2124f81bdb586cdf103af4bf924d2b71 660171 admin optional cryptsetup_1.0.4+svn26.orig.tar.gz
 51b6213e13f0c25ff85687e3badd75f8 43448 admin optional cryptsetup_1.0.4+svn26-1.diff.gz
 65686e201302421e65c4cab7a5a54da2 263696 admin optional cryptsetup_1.0.4+svn26-1_amd64.deb
 d088394912dd38aa25cd5f3610685386 184188 debian-installer optional cryptsetup-udeb_1.0.4+svn26-1_amd64.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFpAGId6lUs+JfIQIRAjy/AKCcPF+P+GesjtACsWHh+OHj1zi6BACeIxyl
/exG6o8RXsmLmc7FlTVi0eg=
=n6cA
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.