pppd segfaults on AMD64 with ms-chap

pppd segfaults on AMD64 with ms-chap

[mole]

[-- Attachment #1: Type: text/plain, Size: 688 bytes --]

I am new to this list, sorry if this problem is already solved.

I have tried to use pptp on fedora Core 2 for AMD64 and found that pppd 
segfaults on my machine when ms-chap is in use.

If pppd is compiled with openssl's sha then pppd doesn't segfault on 
authentication but mppe-enabled kernel then gives me oops in mppe sha code.

The same kernel/pppd work fine in 32 bit mode.

The problem proved to be in the broken sha1 implementation that assumes 
that unsigned long is 32-bit wide.

The quick/minimal change to make it all work in 64-bit mode is in the 
attached patch. But it looks like the code needs more cleanups to make 
it obviously 64-bit safe.

Best,
Oleg Makarenko







[-- Attachment #2: pppd-x86_64.patch --]
[-- Type: text/plain, Size: 1463 bytes --]

diff -urN ppp-2.4.2_cvs_20030610.orig/linux/mppe/sha1.c ppp-2.4.2_cvs_20030610/linux/mppe/sha1.c
--- ppp-2.4.2_cvs_20030610.orig/linux/mppe/sha1.c	2002-04-02 18:01:37.000000000 +0400
+++ ppp-2.4.2_cvs_20030610/linux/mppe/sha1.c	2004-06-08 14:55:46.000000000 +0400
@@ -19,6 +19,7 @@
 #if defined(__linux__)
 #include <asm/byteorder.h>
 #include <linux/string.h>
+#include <linux/types.h>
 #else if defined(__solaris__)
 #include <sys/isa_defs.h>
 #include <sys/ddi.h>
@@ -59,10 +60,10 @@
 static void
 SHA1_Transform(unsigned long state[5], const unsigned char buffer[64])
 {
-    unsigned long a, b, c, d, e;
+    u32 a, b, c, d, e;
     typedef union {
 	unsigned char c[64];
-	unsigned long l[16];
+	u32 l[16];
     } CHAR64LONG16;
     CHAR64LONG16 *block;
 
diff -urN ppp-2.4.2_cvs_20030610.orig/pppd/sha1.c ppp-2.4.2_cvs_20030610/pppd/sha1.c
--- ppp-2.4.2_cvs_20030610.orig/pppd/sha1.c	2002-04-02 17:54:59.000000000 +0400
+++ ppp-2.4.2_cvs_20030610/pppd/sha1.c	2004-06-08 14:54:44.000000000 +0400
@@ -18,6 +18,7 @@
 
 #include <string.h>
 #include <netinet/in.h>	/* htonl() */
+#include <sys/types.h>	/* u_int32_t */
 #include "sha1.h"
 
 static void
@@ -44,10 +45,10 @@
 static void
 SHA1_Transform(unsigned long state[5], const unsigned char buffer[64])
 {
-    unsigned long a, b, c, d, e;
+    u_int32_t a, b, c, d, e;
     typedef union {
 	unsigned char c[64];
-	unsigned long l[16];
+	u_int32_t l[16];
     } CHAR64LONG16;
     CHAR64LONG16 *block;
 

Re: pppd segfaults on AMD64 with ms-chap

[James Cameron]

Matt Domsch posted a patch to one of the PPTP mailing lists today that
causes the MPPE module to use the in-kernel implementations of SHA1 and
ARC4.  You might find that the existing kernel code is 64-bit clean.

I'm sure we'd love to hear how it goes.

-- 
James Cameron                         http://quozl.netrek.org/
HP Open Source, Volunteer             http://opensource.hp.com/
PPTP Client Project, Release Engineer http://pptpclient.sourceforge.net/

Re: pppd segfaults on AMD64 with ms-chap

[Guy Rouillier]

On Tue, 08 Jun 2004 15:15:13 +0400
mole <mole@quadra.ru> wrote:

> I am new to this list, sorry if this problem is already solved.
> 
> I have tried to use pptp on fedora Core 2 for AMD64 and found that
> pppd segfaults on my machine when ms-chap is in use.

I just reported this same bug to the list two days ago.  See "2.4.2 on
AMD64 Linux: assumes 4-byte long".  I haven't gotten any replies yet, so
I'm going to try making the changes I found at the link I provided. 
Unfortunately, the version of sha1.c in the kernel has the same bug in
it, so I'm going to have to rebuild the kernel.  I tried just rebuilding
pppd, and that resulted in a kernel panic.  More changes are required
than your patch includes; for example, the SHA1_CTX structure itself
must be modified.

> 
> If pppd is compiled with openssl's sha then pppd doesn't segfault on 
> authentication but mppe-enabled kernel then gives me oops in mppe sha
> code.
> 
> The same kernel/pppd work fine in 32 bit mode.
> 
> The problem proved to be in the broken sha1 implementation that
> assumes that unsigned long is 32-bit wide.
> 
> The quick/minimal change to make it all work in 64-bit mode is in the 
> attached patch. But it looks like the code needs more cleanups to make
> 
> it obviously 64-bit safe.
> 
> Best,
> Oleg Makarenko
> 
> 
> 
> 
> 
> 
> 


-- 
Guy Rouillier


-- 
Guy Rouillier

Re: pppd segfaults on AMD64 with ms-chap

[mole]

James Cameron wrote:

>Matt Domsch posted a patch to one of the PPTP mailing lists today that
>causes the MPPE module to use the in-kernel implementations of SHA1 and
>ARC4.  You might find that the existing kernel code is 64-bit clean.
>
>  
>
I have tried it (original patch) without any success. I get kernel oops 
on both 32 and 64 bit kernels.

>I'm sure we'd love to hear how it goes.
>  
>
Going to try his second patch version and let you know of the results.


Oleg Makarenko