Google Git
Sign in
cos / mirrors / cros / chromiumos / overlays / portage-stable / 8020d323b8e71f38187a46aa1388efcfba57328d^! / .
commit8020d323b8e71f38187a46aa1388efcfba57328d[log] [tgz]
authorLutz Justen <ljusten@chromium.org>Fri Aug 16 09:13:36 2019 +0200
committerchrome-bot <chrome-bot@chromium.org>Tue Aug 20 05:18:17 2019 -0700
treeb21124d21c7f02aef8eb57c281083768bb21fceb
parentf902904be96e651018070dbbe74eb3f99b7ab2c6 [diff]
mit-krb5: Workaround for MSAN not handling getrandom

MSAN does not track memory writes by getrandom. Thus, anything that uses
the random numbers causes Use-of-uninitialized-value errors. This is a
false positive. As a workaround, set buffer to 0 before calling
getrandom.

I've verified that the random bytes are indeed written, just in case.

BUG=chromium:988025
TEST=config_validator_fuzzer doesn't report bug anymore

Change-Id: Id3048848e82bbab31d55e92aaa228ce8e4c2ead1
Reviewed-on: https://chromium-review.googlesource.com/1757923
Tested-by: Lutz Justen <ljusten@chromium.org>
Commit-Ready: Lutz Justen <ljusten@chromium.org>
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Lutz Justen <ljusten@chromium.org>

diff --git a/app-crypt/mit-krb5/files/mit-krb5-1.16_uninitialized_memory_workaround.patch b/app-crypt/mit-krb5/files/mit-krb5-1.16_uninitialized_memory_workaround.patch
new file mode 100644
index 0000000..0191d01
--- /dev/null
+++ b/app-crypt/mit-krb5/files/mit-krb5-1.16_uninitialized_memory_workaround.patch

@@ -0,0 +1,16 @@
+Workaround for https://crbug.com/988025.
+
+--- src/lib/crypto/krb/prng.c
++++ src/lib/crypto/krb/prng.c
+@@ -102,6 +102,11 @@ k5_get_os_entropy(unsigned char *buf, size_t len, int strong)
+ #if defined(__linux__) && defined(SYS_getrandom)
+     int r;
+ 
++    // https://crbug.com/988025: Workaround for uninitialized memory errors
++    // under MSAN. Memory sanitizer does not track memory writes by
++    // SYS_getrandom calls.
++    memset(buf, 0, len);
++
+     while (len > 0) {
+         /*
+          * Pull from the /dev/urandom pool, but require it to have been seeded.

diff --git a/app-crypt/mit-krb5/mit-krb5-1.16.1-r1.ebuild b/app-crypt/mit-krb5/mit-krb5-1.16.1-r2.ebuild
similarity index 100%
rename from app-crypt/mit-krb5/mit-krb5-1.16.1-r1.ebuild
rename to app-crypt/mit-krb5/mit-krb5-1.16.1-r2.ebuild

diff --git a/app-crypt/mit-krb5/mit-krb5-1.16.1.ebuild b/app-crypt/mit-krb5/mit-krb5-1.16.1.ebuild
index 1708713..b146913 100644
--- a/app-crypt/mit-krb5/mit-krb5-1.16.1.ebuild
+++ b/app-crypt/mit-krb5/mit-krb5-1.16.1.ebuild

@@ -59,6 +59,7 @@
 	eapply -p2 "${FILESDIR}/${PN}-config_LDFLAGS.patch"
 	eapply "${FILESDIR}/${PN}-libressl-version-check.patch"
 	eapply "${FILESDIR}/${PN}-1.16_quoted_string_buffer_overflow.patch"
+	eapply "${FILESDIR}/${PN}-1.16_uninitialized_memory_workaround.patch"
 
 	# Make sure we always use the system copies.
 	rm -rf util/{et,ss,verto}