openssl -- SIGILL

 ( NevemTeve | 2017. augusztus 31., csütörtök - 15:30 )

20170831.1644
Van nekünk ilyenünk:

/*
 * Generic stack container; typed stacks such as stack_st_SSL_COMP embed one.
 * NOTE(review): the field meanings below are inferred from the names and
 * types only -- confirm against the OpenSSL 1.0.2 sources.
 */
typedef struct stack_st {
    int num;                           /* presumably the number of elements in use */
    char **data;                       /* presumably the array of element pointers */
    int sorted;                        /* presumably non-zero once data is ordered by comp */
    int num_alloc;                     /* presumably the allocated capacity of data */
    /* Comparison callback; takes two const void * arguments and returns int. */
    int (*comp) (const void *, const void *);
} _STACK;

/* Typed wrapper: a stack of SSL_COMP is a struct whose only member is a generic _STACK. */
struct stack_st_SSL_COMP { _STACK stack; };

/*
 * Element type stored in a stack_st_SSL_COMP.
 * NOTE(review): field meanings are inferred from the names; COMP_METHOD is
 * declared elsewhere and is not shown here -- confirm.
 */
typedef struct ssl_comp_st {
    int id;              /* presumably the numeric identifier of the method */
    const char *name;    /* presumably a human-readable name */
    COMP_METHOD *method; /* pointer to the method object (type not shown here) */
} SSL_COMP;

20170831.1556
Szóval van egy 'ssl_cipher_get_evp', aki 'sk_find'-et hívott; persze nem direktben, hanem egy-két makrón keresztül:

crypto/stack/safestack.h:

/* Typed front end for SSL_COMP stacks: forwards to the generic SKM_sk_find. */
# define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val))

/*
 * Generic form: passes both arguments through CHECKED_STACK_OF and
 * CHECKED_PTR_OF (defined elsewhere; presumably compile-time type checks --
 * confirm) and then calls the untyped sk_find().
 */
# define SKM_sk_find(type, st, val) \
        sk_find(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val))

Szóval ilyen volt, ilyen lett:

ssl/ssl_ciph.c:530
/* Step 0: the statement as written at the call site. */
i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp);
/* Step 1: after expanding sk_SSL_COMP_find. */
i = SKM_sk_find(SSL_COMP, ssl_comp_methods, &ctmp);
/* Step 2: after expanding SKM_sk_find -- the untyped sk_find() gets the stack and the key. */
i = sk_find(CHECKED_STACK_OF(SSL_COMP, ssl_comp_methods),
            CHECKED_PTR_OF(SSL_COMP, &ctmp))

crypto/stack/stack.c:271
/*
 * Look up data in the stack st.
 *
 * Thin wrapper: hands st and data to internal_find() unchanged and selects
 * OBJ_BSEARCH_FIRST_VALUE_ON_MATCH as the search option. No validation of
 * st or data happens in this function; whatever checking exists is done by
 * internal_find().
 *
 * Returns whatever internal_find() returns.
 */
int sk_find(_STACK *st, void *data)
{
    const int match_policy = OBJ_BSEARCH_FIRST_VALUE_ON_MATCH;

    return internal_find(st, data, match_policy);
}

crypto/stack/stack.c:247
static int internal_find(_STACK *st, void *data, int ret_val_options)

Eredeti post
Túl nagy volt itt a csend, már kellett valami... Megpusztul egy programocska, az SSL_accept-ben.

Program terminated with signal SIGILL, Illegal instruction.
#0  0x0000000000000000 in ?? ()
(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x090000000f5b0af0 in OBJ_bsearch_ex_ () from /usr/local/lib64/libcrypto.so.1.0.2
#2  0x090000000f5afd40 in internal_find () from /usr/local/lib64/libcrypto.so.1.0.2
#3  0x090000000f5afdf8 in sk_find () from /usr/local/lib64/libcrypto.so.1.0.2
#4  0x090000000e349794 in ssl_cipher_get_evp () from /usr/local/lib64/libssl.so.1.0.2
#5  0x090000000e37c1b0 in tls1_setup_key_block () from /usr/local/lib64/libssl.so.1.0.2
#6  0x090000000e36f8a8 in ssl3_accept () from /usr/local/lib64/libssl.so.1.0.2
#7  0x090000000e347784 in SSL_accept () from /usr/local/lib64/libssl.so.1.0.2
#8  0x090000000e381250 in ssl23_get_client_hello () from /usr/local/lib64/libssl.so.1.0.2
#9  0x090000000e3814b0 in ssl23_accept () from /usr/local/lib64/libssl.so.1.0.2
#10 0x090000000e347784 in SSL_accept () from /usr/local/lib64/libssl.so.1.0.2
#11 0x09000000015c3738 in S3I_SSL_accept () from /home/projects/lib64/libserver3s.so.2

(gdb) p $pc
$1 = (void (*)()) 0x0
(gdb) p $lr
$2 = (void (*)()) 0x90000000f5b0af0 

(gdb) disass $lr
   0x090000000f5b0ad0 <+124>:   mr      r3,r24
   0x090000000f5b0ad4 <+128>:   mr      r4,r27
   0x090000000f5b0ad8 <+132>:   ld      r0,0(r30)
   0x090000000f5b0adc <+136>:   std     r2,40(r1)
   0x090000000f5b0ae0 <+140>:   ld      r11,16(r30)
   0x090000000f5b0ae4 <+144>:   mtctr   r0
   0x090000000f5b0ae8 <+148>:   ld      r2,8(r30)
   0x090000000f5b0aec <+152>:   bctrl

Megmondom őszintén, ebben a szép pillanatban valahogy el tudnék vegetálni enélkül a nyomozás nélkül is... Na mindegy, egy kicsit belenézek:

crypto/stack/stack.c:internal_find -> crypto/objects/obj_dat/OBJ_bsearch_ex_
a callback-függvény az ötödik paraméter; valamiféle _STACK.comp:

/*
 * Generic stack container behind the typed STACK_OF(...) wrappers.
 * NOTE(review): field meanings other than comp are inferred from the names
 * only -- confirm against the OpenSSL 1.0.2 sources.
 */
typedef struct stack_st {
    int num;        /* presumably the number of elements in use */
    char **data;    /* presumably the array of element pointers */
    int sorted;     /* presumably non-zero once data is ordered by comp */
    int num_alloc;  /* presumably the allocated capacity of data */
    /*
     * Comparison callback; appears to be what internal_find passes on to
     * OBJ_bsearch_ex_ as its cmp argument.
     * NOTE(review): the search calls through this pointer, so a corrupted or
     * layout-mismatched _STACK makes that an indirect branch to an arbitrary
     * address. The disassembly quoted with this listing loads the branch
     * target from 0(r30) before bctrl, which suggests the call goes through
     * a function descriptor; a pointer to zero-filled memory would then
     * branch to address 0 -- confirm against the platform ABI.
     */
    int (*comp) (const void *, const void *);
} _STACK;                       /* Use STACK_OF(...) instead */

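OBJ_bsearch_ex_ paraméterei (megjegyzés: a regiszterértékek a #0 keretből valók; a fenti disassembly szerint közvetlenül a bctrl előtt az r3 és az r4 új értéket kapott (mr r3,r24; mr r4,r27), így ez a kettő már a callback argumentuma lehet, nem feltétlenül az eredeti key és base_):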

# const void *key,
(gdb) x $r3
0xfffffffffffdf78:      0x0fffffff
# const void *base_,
(gdb) x/2x $r4
0x11007e290:    0x00000000      0x00000000
# int num,
(gdb) p $r5
$8 = 1
# int size,
(gdb) p $r6
$9 = 8
# int (*cmp) (const void *, const void *),
(gdb) x/3x $r7
0x11007e290:    0x00000000      0x00000000      0x00000000
# int flags
(gdb) p/x $r8
$10 = 0x2