dumpon: fix encrypted dumps after commit 372557d8c3d
Closed, Public

Authored by vangyzen on Aug 7 2021, 2:08 PM.

Details

Summary

That commit moved key generation into a child process, including
a memory allocation referenced by a structure. The child wrote
the structure to the parent over a pipe, but did not write the
referenced allocation. The parent read the structure from the
child and used its pointer, which was bogus in the parent.

In the child, send both chunks of data to the parent. In the
parent, make a corresponding allocation and read both chunks.

Fixes: 372557d8c3d37dd0c1d9be56513a436393963848

Test Plan

BEFORE

# decryptcore -p ~/private.pem -k key.1 -e vmcore_encrypted.1 -c vmcore.1
[ERROR] (decryptcore) Unable to decrypt key: error:04099079:rsa routines:RSA_padding_check_PKCS1_OAEP_mgf1:oaep decoding error

# hd key.1
00000000  02 bf 5e 33 66 7c fb 0d  be 6a 0e fe ee b7 51 48  |..^3f|...j....QH|
00000010  47 08 9a 63 53 11 d1 f7  71 e3 a0 2f bc 31 f1 24  |G..cS...q../.1.$|
00000020  7c 00 00 02 00 00 00 00  00 00 00 00 00 00 00 00  ||...............|
00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00001000

AFTER

# decryptcore -p ~/private.pem -k key.3 -e vmcore_encrypted.3 -c vmcore.3

# strings vmcore.3 | head -1
minidump FreeBSD/amd64

# hd key.3

Diff Detail

Repository: rS FreeBSD src repository - subversion
Lint: Lint Passed
Unit: No Test Coverage
Build Status: Buildable 40916
Build 37805: arc lint + arc unit

Event Timeline

sbin/dumpon/dumpon.c:346

We should check the length passed by the child against KERNELDUMP_ENCKEY_MAX_SIZE, rather than blindly allocating the amount specified.

Doh. Thanks for testing and fixing.

This revision is now accepted and ready to land. (Aug 9 2021, 10:59 PM)
  • CR feedback: check key size in parent
This revision now requires review to proceed. (Aug 10 2021, 4:52 PM)
This revision is now accepted and ready to land. (Aug 11 2021, 1:43 PM)
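
The fix described in the Summary, together with the length check requested in the inline comment, as an added example that is not the code from this revision: a child sends a fixed-size header followed by the buffer it points to, and the parent bounds the length before allocating and never uses the received pointer. `struct keymsg`, `xfer`, `recv_key`, `roundtrip` and the `ENCKEY_MAX` value are assumptions standing in for dumpon's own names, and the key bytes are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define ENCKEY_MAX 4096 /* assumed cap, standing in for KERNELDUMP_ENCKEY_MAX_SIZE */
/* Hypothetical layout, not dumpon's structure; enckey is valid only in its own process. */
struct keymsg { uint32_t enckeysize; uint8_t *enckey; };

/* Move exactly len bytes; pipe reads and writes may return short counts. */
static int xfer(int fd, void *buf, size_t len, int writing) {
	for (uint8_t *p = buf; len > 0; ) {
		ssize_t n = writing ? write(fd, p, len) : read(fd, p, len);
		if (n <= 0) return -1;
		p += n, len -= (size_t)n;
	}
	return 0;
}

/* Parent: discard the received pointer, bound the length, then read the key. */
static int recv_key(int fd, struct keymsg *m) {
	int rc = xfer(fd, m, sizeof(*m), 0);
	m->enckey = NULL; /* the child's address is meaningless in this process */
	if (rc != 0 || m->enckeysize == 0 || m->enckeysize > ENCKEY_MAX)
		return -1;
	if ((m->enckey = malloc(m->enckeysize)) == NULL) return -1;
	return xfer(fd, m->enckey, m->enckeysize, 0);
}

/* Fork a child that sends header + key; 0 if the parent received it intact. */
int roundtrip(uint32_t size) {
	static uint8_t key[2 * ENCKEY_MAX]; /* constructed key bytes, filled in the child */
	struct keymsg m = { size, key }, got = { 0, NULL };
	int fds[2], ok;
	pid_t pid;
	if (size > sizeof(key) || pipe(fds) != 0) return -1;
	if ((pid = fork()) == 0) {
		close(fds[0]);
		memset(key, 0xA5, size); /* the parent's copy of key stays zeroed */
		_exit(xfer(fds[1], &m, sizeof(m), 1) || xfer(fds[1], key, size, 1));
	}
	close(fds[1]);
	ok = pid > 0 && recv_key(fds[0], &got) == 0 &&
	    got.enckey[got.enckeysize - 1] == 0xA5;
	free(got.enckey);
	close(fds[0]);
	if (pid > 0) waitpid(pid, NULL, 0);
	return ok ? 0 : -1;
}
```

Dropping the second `xfer` call in the child reproduces the shape of the original bug: the parent would receive a length and a pointer with no key data behind them.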