Package: libgcrypt11
Version: 1.4.4-2
Severity: normal
Tags: patch
User: [email protected]
Usertags: origin-ubuntu ubuntu-patch karmic

Two Ubuntu users reported that libgcrypt11 fails stack-smashing
detection on VIA systems (we use -fstack-protector by default):

https://bugs.launchpad.net/ubuntu/+source/libgcrypt11/+bug/389053

Red Hat received a similar bug report and determined it to be a bug in
the padlock inline assembly; Tomas Mraz committed a fix for Fedora 11:

https://bugzilla.redhat.com/show_bug.cgi?id=505724
https://admin.fedoraproject.org/updates/libgcrypt-1.4.4-6.fc11

I've attached the patch I've applied to Ubuntu's libgcrypt11 package for
this.

Thanks,

--
Colin Watson [[email protected]]

* Fix stack smashing on VIA processors with Padlock RNG (patch by Tomas
Mraz of Red Hat; thanks to Roberto Rosario for the archaeology; LP:
#389053).
--- libgcrypt11-1.4.4.orig/debian/patches/20_padlock.diff
+++ libgcrypt11-1.4.4/debian/patches/20_padlock.diff
@@ -0,0 +1,33 @@
+Description: Fix VIA padlock RNG inline assembly call, to avoid hitting
+ stack smashing detection on those systems. Patch by Tomas Mraz of Red Hat.
+Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libgcrypt11/+bug/389053
+Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=505724
+
+diff -Nur -x '*.orig' -x '*~' libgcrypt11-1.4.4/random/rndhw.c libgcrypt11-1.4.4.new/random/rndhw.c
+--- libgcrypt11-1.4.4/random/rndhw.c 2008-09-03 11:04:43.000000000 +0100
++++ libgcrypt11-1.4.4.new/random/rndhw.c 2009-07-02 11:27:38.000000000 +0100
+@@ -41,7 +41,7 @@
+ poll_padlock (void (*add)(const void*, size_t, enum random_origins),
+ enum random_origins origin, int fast)
+ {
+- char buffer[64+8] __attribute__ ((aligned (8)));
++ volatile char buffer[64+8] __attribute__ ((aligned (8)));
+ char *p;
+ unsigned int nbytes, status;
+
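Review bot: the `volatile` added to `buffer` in the declaration is not carried over to `char *p` on the following line or to the `add` callback, which takes `const void*`, so any assignment of `buffer` to `p` or call passing it to `add` now discards the qualifier and will draw a compiler warning; accesses made through the unqualified pointer are also not treated as volatile. If the qualifier stays, cast explicitly at those points and put a comment on the declaration saying that the buffer is filled by the XSTORE inline asm, since nothing in the hunk records why it is there.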
+@@ -55,12 +55,11 @@
+ nbytes = 0;
+ while (nbytes < 64)
+ {
+- asm volatile
++ asm volatile
+ ("movl %1, %%edi\n\t" /* Set buffer. */
+ "xorl %%edx, %%edx\n\t" /* Request up to 8 bytes. */
+- ".byte 0x0f, 0xa7, 0xc0\n\t" /* XSTORE RNG. */
+- "movl %%eax, %0\n" /* Return the status. */
+- : "=g" (status)
++ ".byte 0x0f, 0xa7, 0xc0\n" /* XSTORE RNG. */
++ : "=a" (status)
+ : "g" (p)
+ : "%edx", "%edi", "cc"
+ );
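Review bot: the clobber list `: "%edx", "%edi", "cc"` still has no `"memory"` entry, although the asm stores RNG output to the buffer whose address is loaded into `%edi` (the "Set buffer" line), so the compiler is never told that the statement writes memory. Adding `"memory"` there would declare the side effect directly instead of relying on `volatile` on the buffer. The switch to `"=a" (status)` is what tells the compiler that `%eax` is overwritten by XSTORE; a short comment next to that constraint saying the status comes back in `%eax` would keep a later cleanup from reverting it to `"=g"`.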