rwpenney / cryptmount
Simplified management of Linux encrypted filesystems
Home Page: https://cryptmount.sourceforge.net
License: GNU General Public License v2.0
Hi,
A SIGSEGV is happening in the following scenario:
$ ./cryptmount --umount research
Segmentation fault (core dumped)
I investigated a little bit and apparently the problem is happening inside parse_options() when calling libc getopt_long(). Please check below the output on gdb (I redacted some verbose output):
$ gdb ./cryptmount -d .
gef➤ set args --umount research
gef➤ b cryptmount.c:1388
gef➤ r
[...]
[ Legend: Modified register | Code | Heap | Stack | String ]
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── registers ────
$rax : 0x00007fffffffd7cc → 0x0000000000000000
$rbx : 0x0
$rcx : 0x000055555556e3c0 → 0x0000555555563134 → 0x6e616863006c6c61 ("all"?)
$rdx : 0x000055555556e380 → "acf:g:hklmw:pre:nSsxBQuyv"
$rsp : 0x00007fffffffd780 → 0x000055555556ccd0 → 0x00780074706b7564 ("dukpt"?)
$rbp : 0x000055555556e380 → "acf:g:hklmw:pre:nSsxBQuyv"
$rsi : 0x00007fffffffde28 → 0x00007fffffffe1a9 → "/home/dukpt/Downloads/cryptmount/cryptmount"
$rdi : 0x3
$rip : 0x000055555555acc4 → <parse_options+1284> call 0x555555557b50 <getopt_long@plt>
$r8 : 0x00007fffffffd7cc → 0x0000000000000000
$r9 : 0x000055555556e3c0 → 0x0000555555563134 → 0x6e616863006c6c61 ("all"?)
$r10 : 0x00007ffff7dbcac0 → 0x0000000100000000
$r11 : 0x00007ffff7e17ce0 → 0x000055555556e680 → 0x0a3a3432313a783a (":x:124:\n"?)
$r12 : 0x000055555556e3c0 → 0x0000555555563134 → 0x6e616863006c6c61 ("all"?)
$r13 : 0x00005555555654b5 → "cryptmount"
$r14 : 0x0000555555568a18 → 0x0000555555559700 → <__do_global_dtors_aux+0> endbr64
$r15 : 0x00007fffffffdb28 → 0x000000000000003f ("?"?)
$eflags: [ZERO carry PARITY adjust sign trap INTERRUPT direction overflow resume virtualx86 identification]
$cs: 0x33 $ss: 0x2b $ds: 0x00 $es: 0x00 $fs: 0x00 $gs: 0x00
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── stack ────
0x00007fffffffd780│+0x0000: 0x000055555556ccd0 → 0x00780074706b7564 ("dukpt"?) ← $rsp
0x00007fffffffd788│+0x0008: 0x00007fffffffde28 → 0x00007fffffffe1a9 → "/home/dukpt/Downloads/cryptmount/cryptmount"
0x00007fffffffd790│+0x0010: 0x00007fffffffd7cc → 0x0000000000000000
0x00007fffffffd798│+0x0018: 0x00007fffffffd7e0 → 0x0000000000000061 ("a"?)
0x00007fffffffd7a0│+0x0020: 0x0000000000000003
0x00007fffffffd7a8│+0x0028: 0x00007ffff7e14600 → 0x0000000000000000
0x00007fffffffd7b0│+0x0030: 0x00007fffffffdbec → 0x00000000ffffffff
0x00007fffffffd7b8│+0x0038: 0x00007fffffffdbe8 → 0xffffffffffffffff
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── code:x86:64 ────
0x55555555acb9 <parse_options+1273> mov rdx, rbp
0x55555555acbc <parse_options+1276> mov rcx, r12
0x55555555acbf <parse_options+1279> mov rsi, QWORD PTR [rsp+0x8]
→ 0x55555555acc4 <parse_options+1284> call 0x555555557b50 <getopt_long@plt>
↳ 0x555555557b50 <getopt_long@plt+0> endbr64
0x555555557b54 <getopt_long@plt+4> bnd jmp QWORD PTR [rip+0x1133d] # 0x555555568e98 <getopt_long@got.plt>
0x555555557b5b <getopt_long@plt+11> nop DWORD PTR [rax+rax*1+0x0]
0x555555557b60 <fread@plt+0> endbr64
0x555555557b64 <fread@plt+4> bnd jmp QWORD PTR [rip+0x11335] # 0x555555568ea0 <fread@got.plt>
0x555555557b6b <fread@plt+11> nop DWORD PTR [rax+rax*1+0x0]
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── arguments (guessed) ────
getopt_long@plt (
$rdi = 0x0000000000000003,
$rsi = 0x00007fffffffde28 → 0x00007fffffffe1a9 → "/home/dukpt/Downloads/cryptmount/cryptmount",
$rdx = 0x000055555556e380 → "acf:g:hklmw:pre:nSsxBQuyv",
$rcx = 0x000055555556e3c0 → 0x0000555555563134 → 0x6e616863006c6c61 ("all"?),
$r8 = 0x00007fffffffd7cc → 0x0000000000000000
)
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── source:cryptmount.c+1388 ────
1383 #endif /* _GNU_SOURCE */
1384
1385 for (;;) {
1386 struct cm_option *selected;
1387 #ifdef _GNU_SOURCE
●→ 1388 optchar = getopt_long(argc, argv, shortopts, longopts, &idx);
1389 #else
1390 optchar = getopt(argc, argv, shortopts);
1391 #endif
1392 if (optchar < 0 || optchar == '?') break;
1393 idx = 0;
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── threads ────
[#0] Id 1, Name: "cryptmount", stopped 0x55555555acc4 in parse_options (), reason: SINGLE STEP
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── trace ────
[#0] 0x55555555acc4 → parse_options(argc=0x3, argv=0x7fffffffde28, mode_params=0x7fffffffdbf8, passwd_fd=0x7fffffffdbec, config_fd=0x7fffffffdbe8, pw_ctxt=0x7fffffffdc30)
[#1] 0x555555557ea9 → main(argc=0x3, argv=0x7fffffffde28)
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
After that, if you continue a SIGSEGV will happen:
$rax : 0x1ff
$rbx : 0x000055555556e660 → 0x6b75643a3232313a (":122:duk"?)
$rcx : 0x15
$rdx : 0x0
$rsp : 0x00007fffffffd5d8 → 0x00007ffff7d05ea1 → <process_long_option+209> test eax, eax
$rbp : 0x00007fffffffd6a0 → 0x0000000000000003
$rsi : 0x00007fffffffe1d7 → 0x7200746e756f6d75 ("umount"?)
$rdi : 0x6b75643a3232313a (":122:duk"?)
$rip : 0x00007ffff7d96f31 → <__strncmp_avx2+49> vmovdqu ymm1, YMMWORD PTR [rdi]
$r8 : 0x00007fffffffd7cc → 0x0000000000000000
$r9 : 0x0
$r10 : 0x00007ffff7dbcac0 → 0x0000000100000000
$r11 : 0x6
$r12 : 0x6b75643a3232313a (":122:duk"?)
$r13 : 0x15
$r14 : 0x6
$r15 : 0x00007fffffffe1d7 → 0x7200746e756f6d75 ("umount"?)
$eflags: [zero CARRY parity adjust SIGN trap INTERRUPT direction overflow RESUME virtualx86 identification]
$cs: 0x33 $ss: 0x2b $ds: 0x00 $es: 0x00 $fs: 0x00 $gs: 0x00
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── stack ────
0x00007fffffffd5d8│+0x0000: 0x00007ffff7d05ea1 → <process_long_option+209> test eax, eax ← $rsp
0x00007fffffffd5e0│+0x0008: 0x0000000000000000
0x00007fffffffd5e8│+0x0010: 0x0000000000000000
0x00007fffffffd5f0│+0x0018: 0x00000000000004c2
0x00007fffffffd5f8│+0x0020: 0x0000000000000600
0x00007fffffffd600│+0x0028: 0x000000000000000a ("\n"?)
0x00007fffffffd608│+0x0030: 0x00007ffff7dd7ee1 → 0x69203a7325002d2d ("--"?)
0x00007fffffffd610│+0x0038: 0x7500000000000003
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── code:x86:64 ────
0x7ffff7d96f21 <__strncmp_avx2+33> and eax, 0xfff
0x7ffff7d96f26 <__strncmp_avx2+38> cmp eax, 0xf80
0x7ffff7d96f2b <__strncmp_avx2+43> jg 0x7ffff7d97330 <__strncmp_avx2+1072>
→ 0x7ffff7d96f31 <__strncmp_avx2+49> vmovdqu ymm1, YMMWORD PTR [rdi]
0x7ffff7d96f35 <__strncmp_avx2+53> vpcmpeqb ymm0, ymm1, YMMWORD PTR [rsi]
0x7ffff7d96f39 <__strncmp_avx2+57> vpminub ymm0, ymm0, ymm1
0x7ffff7d96f3d <__strncmp_avx2+61> vpcmpeqb ymm0, ymm0, ymm7
0x7ffff7d96f41 <__strncmp_avx2+65> vpmovmskb ecx, ymm0
0x7ffff7d96f45 <__strncmp_avx2+69> test ecx, ecx
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── threads ────
[#0] Id 1, Name: "cryptmount", stopped 0x7ffff7d96f31 in __strncmp_avx2 (), reason: SIGSEGV
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── trace ────
[#0] 0x7ffff7d96f31 → __strncmp_avx2()
[#1] 0x7ffff7d05ea1 → process_long_option(argc=0x3, argv=0x7fffffffde28, optstring=0x55555556e380 "acf:g:hklmw:pre:nSsxBQuyv", longopts=0x55555556e3c0, longind=0x7fffffffd7cc, long_only=0x0, d=0x7ffff7e1f180 <getopt_data>, print_errors=0x1, prefix=0x7ffff7dd7ee1 "--")
[#2] 0x7ffff7d0688f → _getopt_internal_r(argc=0x3, argv=0x7fffffffde28, optstring=0x55555556e380 "acf:g:hklmw:pre:nSsxBQuyv", longopts=0x55555556e3c0, longind=0x7fffffffd7cc, long_only=0x0, d=0x7ffff7e1f180 <getopt_data>, posixly_correct=0x0)
[#3] 0x7ffff7d06aeb → _getopt_internal(argc=0x3, argv=0x7fffffffde28, optstring=0x55555556e380 "acf:g:hklmw:pre:nSsxBQuyv", longopts=0x55555556e3c0, longind=0x7fffffffd7cc, long_only=0x0, posixly_correct=0x0)
[#4] 0x7ffff7d06b72 → getopt_long(argc=0x3, argv=0x7fffffffde28, options=0x55555556e380 "acf:g:hklmw:pre:nSsxBQuyv", long_options=0x55555556e3c0, opt_index=0x7fffffffd7cc)
[#5] 0x55555555acc9 → parse_options(argc=0x3, argv=0x7fffffffde28, mode_params=0x7fffffffdbf8, passwd_fd=0x7fffffffdbec, config_fd=0x7fffffffdbe8, pw_ctxt=0x7fffffffdc30)
[#6] 0x555555557ea9 → main(argc=0x3, argv=0x7fffffffde28)
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
gef➤
Maybe there is some issue with the structure size.
The same bug happens with the distro version of cryptmount.
I compiled the latest code from master and I'm running Ubuntu 22.04.2 (jammy).
Thanks
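Added example, not cryptmount's code and not part of the report above. In the second trace, process_long_option() reaches strncmp() with rdi = 0x6b75643a3232313a, i.e. the ASCII bytes ":122:duk" where a pointer to a long-option name is expected, so glibc has picked up a `struct option` entry whose `name` field is not a pointer. glibc walks the longopts array entry by entry, comparing argv's "umount" against each `name`, and stops only at an entry whose `name` is NULL; a table that lacks that all-zero terminator, or whose entries do not have the layout of `struct option`, sends that walk into whatever bytes follow. The report does not establish which of these applies to cryptmount. The program below shows the walk with a correctly terminated table parsing `--umount research`, and a check that rejects a table with no terminator before it is handed to getopt_long(). The option table, option letters and function names are assumptions for illustration only.

```c
/* Added example: how getopt_long() consumes a struct option table, plus
 * a sanity check for that table.  Not cryptmount's code; the option
 * table below is a hypothetical one chosen for illustration. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <getopt.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NELEM(a) (sizeof(a) / sizeof((a)[0]))

/* Return 1 if `opts` (an array of `nelem` entries) contains the
 * all-zero terminator that getopt_long(3) requires, and every entry
 * before it has a valid has_arg value.  Return 0 otherwise: getopt_long
 * would walk past the end of such an array and dereference whatever
 * bytes follow as a name pointer. */
static int longopts_well_formed(const struct option *opts, size_t nelem)
{
    for (size_t i = 0; i < nelem; i++) {
        if (opts[i].name == NULL)
            return 1;               /* terminator found inside the array */
        if (opts[i].has_arg != no_argument &&
            opts[i].has_arg != required_argument &&
            opts[i].has_arg != optional_argument)
            return 0;               /* not a real entry: layout mismatch */
    }
    return 0;                       /* no terminator at all */
}

/* Hypothetical table (assumption, not cryptmount's real one), correctly
 * terminated by an all-zero entry. */
static const struct option demo_longopts[] = {
    { "all",    no_argument, NULL, 'a' },
    { "mount",  no_argument, NULL, 'm' },
    { "umount", no_argument, NULL, 'u' },
    { NULL, 0, NULL, 0 }
};

/* The same table with the terminator left out.  longopts_well_formed()
 * rejects it; passing it to getopt_long() is undefined behaviour and
 * can end in a strncmp() on a garbage pointer. */
static const struct option demo_longopts_unterminated[] = {
    { "all",    no_argument, NULL, 'a' },
    { "mount",  no_argument, NULL, 'm' },
    { "umount", no_argument, NULL, 'u' },
};

/* Parse argv the way a cryptmount-style front end would: return the last
 * option character seen, '?' on an unknown option, -1 if no option was
 * given, or -2 if the table failed the sanity check.  The first
 * non-option argument (the target name) is stored in *target. */
static int parse_demo(int argc, char **argv, const char **target)
{
    int optchar, selected = -1, idx = 0;
    const char *shortopts = "amu";

    if (!longopts_well_formed(demo_longopts, NELEM(demo_longopts)))
        return -2;                  /* never hand a bad table to libc */

    optind = 0;                     /* glibc/musl: force a full getopt reset */
    opterr = 0;                     /* keep libc from printing to stderr */
    while ((optchar = getopt_long(argc, argv, shortopts,
                                  demo_longopts, &idx)) != -1) {
        if (optchar == '?')
            return '?';
        selected = optchar;
    }
    *target = (optind < argc) ? argv[optind] : NULL;
    return selected;
}

int main(void)
{
    /* Constructed command line mirroring the report: --umount research */
    char a0[] = "cryptmount", a1[] = "--umount", a2[] = "research";
    char *argv[] = { a0, a1, a2, NULL };
    const char *target = NULL;
    int sel = parse_demo(3, argv, &target);

    printf("selected option '%c', target %s\n", sel, target ? target : "(none)");
    printf("terminated table ok: %d, unterminated table ok: %d\n",
           longopts_well_formed(demo_longopts, NELEM(demo_longopts)),
           longopts_well_formed(demo_longopts_unterminated,
                                NELEM(demo_longopts_unterminated)));
    return 0;
}
```

Build with `gcc -Wall -o getopt_demo getopt_demo.c` and run `./getopt_demo`. The `longopts_well_formed()` check is cheap enough to run once at start-up (or as a unit test) whenever a `struct option` array is built from another data structure, since the terminator is exactly the thing that getopt_long() cannot verify for itself.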