[pkg-cryptsetup-devel] Bug#610255: cryptsetup: double-free or corruption when --master-key-file is empty

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sun Jan 16 19:23:52 UTC 2011


Package: cryptsetup
Version: 2:1.1.3-4
Severity: normal

I know, it's silly to specify --master-key-file as an empty file, but:


0 pip:~# ls -l no-password 
-rw-r--r-- 1 root root 0 Jan 16 14:06 no-password
0 pip:~# cryptsetup --master-key-file no-password luksAddKey /dev/mapper/vg_pip0-testy 
Cannot read 32 bytes from keyfile no-password.
*** glibc detected *** cryptsetup: double free or corruption (top): 0x08cbc4a0 ***
======= Backtrace: =========
/lib/i686/cmov/libc.so.6(+0x6b281)[0xb7727281]
/lib/i686/cmov/libc.so.6(+0x6cad8)[0xb7728ad8]
/lib/i686/cmov/libc.so.6(cfree+0x6d)[0xb772bbbd]
cryptsetup[0x8055d87]
cryptsetup[0x8056dff]
/lib/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0xb76d2c76]
cryptsetup[0x804a691]
Aborted
134 pip:~# 

Interestingly, if the file has more than 12 characters in the name, I
don't get the same crash:

0 pip:~# mv no-password no-password000
0 pip:~# cryptsetup --master-key-file no-password000 luksAddKey /dev/mapper/vg_pip0-testy 
Cannot read 32 bytes from keyfile no-password000.
0 pip:~# 

Note: I'd also expect the non-crashing (but not succeeding either)
command above to return a non-zero error code, since luksAddKey did
not work.  My prompt reports the return code of the previous process,
and you can see that it returned 0, which would be treated as success
by any automated system.

    --dkg

-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=/vmlinuz-2.6.37-trunk-686 root=/dev/mapper/vg_pip0-root ro verbose


-- System Information:
Debian Release: 6.0
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.37-trunk-686 (SMP w/1 CPU core)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages cryptsetup depends on:
ii  dmsetup                      2:1.02.48-4 The Linux Kernel Device Mapper use
ii  libc6                        2.11.2-7    Embedded GNU C Library: Shared lib
ii  libdevmapper1.02.1           2:1.02.48-4 The Linux Kernel Device Mapper use
ii  libpopt0                     1.16-1      lib for parsing cmdline parameters
ii  libuuid1                     2.17.2-5    Universally Unique ID library

cryptsetup recommends no packages.

Versions of packages cryptsetup suggests:
ii  busybox                       1:1.17.1-8 Tiny utilities for small and embed
ii  dosfstools                    3.0.9-1    utilities for making and checking 
ii  initramfs-tools [linux-initra 0.98.7     tools for generating an initramfs
ii  udev                          164-3      /dev/ and hotplug management daemo

-- no debconf information
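
Both symptoms in the report above (a double free on the short-read path, and exit status 0 after a failed read) concern error-path handling. The following C sketch is an added illustration, not cryptsetup's code and not a claim about where its bug lies; `read_master_key` is a hypothetical helper, and the 32-byte key size in `main` is taken from the error message in the report.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper, not cryptsetup's API: read exactly key_size bytes.
 * On failure *key is NULL, so the caller has nothing to free a second time. */
static int read_master_key(const char *path, size_t key_size, unsigned char **key)
{
    unsigned char *buf;
    size_t got = 0;
    int r = 0, fd = open(path, O_RDONLY);

    *key = NULL;
    if (fd < 0)
        return -errno;
    if (!(buf = malloc(key_size)))
        r = -ENOMEM;
    while (r == 0 && got < key_size) {
        ssize_t n = read(fd, buf + got, key_size - got);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0)              /* I/O error, or EOF before key_size bytes */
            r = n < 0 ? -errno : -EINVAL;
        else
            got += (size_t)n;
    }
    close(fd);
    if (r < 0) {
        if (buf)
            memset(buf, 0, key_size); /* real tools use a wipe the compiler cannot elide */
        free(buf);               /* the single free on the error path */
        return r;
    }
    *key = buf;                  /* ownership passes to the caller on success only */
    return 0;
}

int main(int argc, char **argv)
{
    unsigned char *key = NULL;
    int r = argc == 2 ? read_master_key(argv[1], 32, &key) : -EINVAL;
    if (r < 0)
        fprintf(stderr, "Cannot read 32 bytes from keyfile: %s\n", strerror(-r));
    free(key);                   /* NULL after a failure, so this is a no-op */
    return r == 0 ? EXIT_SUCCESS : EXIT_FAILURE; /* failure is never reported as 0 */
}
```

Run against an empty file, this prints the error and exits with status 1, so a calling script sees the failure.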




