x/crypto/openpgp: ReadMessage(): Panic on invalid input in math/big.nat.div() (division by zero) #11505

Closed
marete opened this issue Jul 1, 2015 · 3 comments


marete commented Jul 1, 2015

The following program panics:

```go
package main

import (
    "bytes"
    "encoding/hex"
    "io"
    "log"
    "os"

    "golang.org/x/crypto/openpgp"
)

// An empty Keyring
type emptyKR struct {
}

func (kr emptyKR) KeysById(id uint64) []openpgp.Key {
    return nil
}

func (kr emptyKR) DecryptionKeys() []openpgp.Key {
    return nil
}

func (kr emptyKR) KeysByIdUsage(uint64, byte) []openpgp.Key {
    return nil
}

var data = "9c3004303030300100000011303030000000000000010130303030303030303030303030303030303030303030303030303030303030303030303030303030303030"

func main() {
    buf, err := hex.DecodeString(data)
    if err != nil {
        log.Fatalln(err)
    }

    md, err := openpgp.ReadMessage(bytes.NewBuffer(buf), emptyKR{},
        func([]openpgp.Key, bool) ([]byte, error) {
            return []byte("insecure"), nil
        }, nil)

    if err != nil {
        log.Fatalln(err)
    }

    _, err = io.Copy(os.Stdout, md.UnverifiedBody)
    if err != nil {
        log.Fatalln(err)
    }

    if md.SignatureError != nil {
        log.Fatalln("integrity check failed")
    }
}
```

with the trace:

```
panic: division by zero

goroutine 1 [running]:
math/big.nat.div(0x0, 0x0, 0x0, 0xc20803c570, 0x0, 0x5, 0x0, 0x0, 0x0, 0xc20803c570, ...)
    /opt/go/src/math/big/nat.go:503 +0xcb
math/big.(*Int).QuoRem(0xc208020320, 0xc2080200e0, 0xc2080202e0, 0xc2080202e0, 0x1, 0x5)
    /opt/go/src/math/big/int.go:224 +0xb6
math/big.(*Int).Mod(0xc2080202e0, 0xc2080200e0, 0xc2080202e0, 0xc2080202e0)
    /opt/go/src/math/big/int.go:255 +0x15c
crypto/rsa.(*PrivateKey).Precompute(0xc208068000)
    /opt/go/src/crypto/rsa/rsa.go:376 +0x1ba
golang.org/x/crypto/openpgp/packet.(*PrivateKey).parseRSAPrivateKey(0xc208040000, 0xc208066000, 0x22, 0x600, 0x0, 0x0)
    /home/marebri/devel/go/src/golang.org/x/crypto/openpgp/packet/private_key.go:266 +0x520
golang.org/x/crypto/openpgp/packet.(*PrivateKey).parsePrivateKey(0xc208040000, 0xc208066000, 0x22, 0x600, 0x0, 0x0)
    /home/marebri/devel/go/src/golang.org/x/crypto/openpgp/packet/private_key.go:234 +0x6c
golang.org/x/crypto/openpgp/packet.(*PrivateKey).parse(0xc208040000, 0x7f5e808d1bc0, 0xc208020080, 0x0, 0x0)
    /home/marebri/devel/go/src/golang.org/x/crypto/openpgp/packet/private_key.go:103 +0x3f8
golang.org/x/crypto/openpgp/packet.Read(0x7f5e808d1b60, 0xc2080120e0, 0x7f5e808d1be8, 0xc208040000, 0x0, 0x0)
    /home/marebri/devel/go/src/golang.org/x/crypto/openpgp/packet/packet.go:375 +0x152
golang.org/x/crypto/openpgp/packet.(*Reader).Next(0xc20803c330, 0x0, 0x0, 0x0, 0x0)
    /home/marebri/devel/go/src/golang.org/x/crypto/openpgp/packet/reader.go:37 +0x10c
golang.org/x/crypto/openpgp.ReadMessage(0x7f5e808d1b60, 0xc2080120e0, 0x7f5e808d1b88, 0x68c0a8, 0x5f0860, 0x0, 0xc208062000, 0x0, 0x0)
    /home/marebri/devel/go/src/golang.org/x/crypto/openpgp/read.go:101 +0x206
main.main()
    /home/marebri/devel/lab/go/crypto/openpgp/issues/50eccec52/main.go:40 +0x285

goroutine 2 [runnable]:
runtime.forcegchelper()
    /opt/go/src/runtime/proc.go:90
runtime.goexit()
    /opt/go/src/runtime/asm_amd64.s:2232 +0x1

goroutine 3 [runnable]:
runtime.bgsweep()
    /opt/go/src/runtime/mgc0.go:82
runtime.goexit()
    /opt/go/src/runtime/asm_amd64.s:2232 +0x1

goroutine 4 [runnable]:
runtime.runfinq()
    /opt/go/src/runtime/malloc.go:712
runtime.goexit()
    /opt/go/src/runtime/asm_amd64.s:2232 +0x1
```

Found using gofuzz. You may assign this issue to me.


bradfitz commented Jul 2, 2015

What version of Go?


marete commented Jul 2, 2015

go version go1.4.2 linux/amd64

@ianlancetaylor ianlancetaylor added this to the Unreleased milestone Jul 10, 2015
@gopherbot

CL https://golang.org/cl/12356 mentions this issue.

benburkert pushed a commit to benburkert/openpgp that referenced this issue Feb 29, 2016
parseRSAPrivateKey calls rsa.PrivateKey.Precompute which triggers
divide-by-zero panic if either p or q is 1. Sanity check the parsed
values by calling rsa.PrivateKey.Validate.

Fixes golang/go#11505

Change-Id: Ia6c9eccca0cfa49aaa58716e708c557a788bb204
Reviewed-on: https://go-review.googlesource.com/12356
Reviewed-by: Adam Langley <agl@golang.org>
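
The ordering the commit message above describes (call `Validate` on the parsed integers before `Precompute` runs), shown with the standard library only. This is an added example, not the x/crypto patch; `buildRSAKey` and `demo` are hypothetical names and the key material is generated or constructed inside the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"fmt"
	"math/big"
)

// buildRSAKey assembles a private key from integers as a key parser would
// after reading them from untrusted input, and refuses to run Precompute
// until Validate has accepted the values.
// Hypothetical helper for illustration; not the x/crypto code.
func buildRSAKey(n *big.Int, e int, d, p, q *big.Int) (*rsa.PrivateKey, error) {
	key := &rsa.PrivateKey{
		PublicKey: rsa.PublicKey{N: n, E: e},
		D:         d,
		Primes:    []*big.Int{p, q},
	}
	// Validate rejects a prime of 1. Per the commit message, Precompute on
	// such a key is what hit the divide-by-zero, so it must not run first.
	if err := key.Validate(); err != nil {
		return nil, fmt.Errorf("rejecting RSA private key: %w", err)
	}
	key.Precompute()
	return key, nil
}

// demo returns the results for a well-formed key and for the same key with
// its primes replaced by the degenerate pair (1, N). Both inputs are
// constructed here for the example.
func demo() (goodErr, badErr error) {
	good, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err, nil
	}
	_, goodErr = buildRSAKey(good.N, good.E, good.D, good.Primes[0], good.Primes[1])
	// 1 * N == N, so a check on the product of the primes alone would pass.
	_, badErr = buildRSAKey(good.N, good.E, good.D, big.NewInt(1), good.N)
	return goodErr, badErr
}

func main() {
	goodErr, badErr := demo()
	fmt.Println("valid key:", goodErr)
	fmt.Println("p = 1:    ", badErr)
}
```
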
@golang golang locked and limited conversation to collaborators Aug 5, 2016
c-expert-zigbee pushed a commit to c-expert-zigbee/crypto_go that referenced this issue Mar 28, 2022
c-expert-zigbee pushed a commit to c-expert-zigbee/crypto_go that referenced this issue Mar 29, 2022
@rsc rsc unassigned marete Jun 23, 2022
BiiChris pushed a commit to BiiChris/crypto that referenced this issue Sep 15, 2023
desdeel2d0m added a commit to desdeel2d0m/crypto that referenced this issue Jul 1, 2024