x/crypto/openpgp: ReadMessage(): Panic on invalid input in math/big.nat.div() (division by zero) #11505

marete · 2015-07-01T23:11:47Z

The following program panics:

package main

import (
    "bytes"
    "encoding/hex"
    "io"
    "log"
    "os"

    "golang.org/x/crypto/openpgp"
)

// An empty Keyring
type emptyKR struct {
}

func (kr emptyKR) KeysById(id uint64) []openpgp.Key {
    return nil
}

func (kr emptyKR) DecryptionKeys() []openpgp.Key {
    return nil
}

func (kr emptyKR) KeysByIdUsage(uint64, byte) []openpgp.Key {
    return nil
}

var data = "9c3004303030300100000011303030000000000000010130303030303030303030303030303030303030303030303030303030303030303030303030303030303030"

func main() {
    buf, err := hex.DecodeString(data)
    if err != nil {
        log.Fatalln(err)
    }

    md, err := openpgp.ReadMessage(bytes.NewBuffer(buf), emptyKR{},
        func([]openpgp.Key, bool) ([]byte, error) {
            return []byte("insecure"), nil
        }, nil)

    if err != nil {
        log.Fatalln(err)
    }

    _, err = io.Copy(os.Stdout, md.UnverifiedBody)
    if err != nil {
        log.Fatalln(err)
    }

    if md.SignatureError != nil {
        log.Fatalln("integrity check failed")
    }
}

with the trace:

panic: division by zero

goroutine 1 [running]:
math/big.nat.div(0x0, 0x0, 0x0, 0xc20803c570, 0x0, 0x5, 0x0, 0x0, 0x0, 0xc20803c570, ...)
    /opt/go/src/math/big/nat.go:503 +0xcb
math/big.(*Int).QuoRem(0xc208020320, 0xc2080200e0, 0xc2080202e0, 0xc2080202e0, 0x1, 0x5)
    /opt/go/src/math/big/int.go:224 +0xb6
math/big.(*Int).Mod(0xc2080202e0, 0xc2080200e0, 0xc2080202e0, 0xc2080202e0)
    /opt/go/src/math/big/int.go:255 +0x15c
crypto/rsa.(*PrivateKey).Precompute(0xc208068000)
    /opt/go/src/crypto/rsa/rsa.go:376 +0x1ba
golang.org/x/crypto/openpgp/packet.(*PrivateKey).parseRSAPrivateKey(0xc208040000, 0xc208066000, 0x22, 0x600, 0x0, 0x0)
    /home/marebri/devel/go/src/golang.org/x/crypto/openpgp/packet/private_key.go:266 +0x520
golang.org/x/crypto/openpgp/packet.(*PrivateKey).parsePrivateKey(0xc208040000, 0xc208066000, 0x22, 0x600, 0x0, 0x0)
    /home/marebri/devel/go/src/golang.org/x/crypto/openpgp/packet/private_key.go:234 +0x6c
golang.org/x/crypto/openpgp/packet.(*PrivateKey).parse(0xc208040000, 0x7f5e808d1bc0, 0xc208020080, 0x0, 0x0)
    /home/marebri/devel/go/src/golang.org/x/crypto/openpgp/packet/private_key.go:103 +0x3f8
golang.org/x/crypto/openpgp/packet.Read(0x7f5e808d1b60, 0xc2080120e0, 0x7f5e808d1be8, 0xc208040000, 0x0, 0x0)
    /home/marebri/devel/go/src/golang.org/x/crypto/openpgp/packet/packet.go:375 +0x152
golang.org/x/crypto/openpgp/packet.(*Reader).Next(0xc20803c330, 0x0, 0x0, 0x0, 0x0)
    /home/marebri/devel/go/src/golang.org/x/crypto/openpgp/packet/reader.go:37 +0x10c
golang.org/x/crypto/openpgp.ReadMessage(0x7f5e808d1b60, 0xc2080120e0, 0x7f5e808d1b88, 0x68c0a8, 0x5f0860, 0x0, 0xc208062000, 0x0, 0x0)
    /home/marebri/devel/go/src/golang.org/x/crypto/openpgp/read.go:101 +0x206
main.main()
    /home/marebri/devel/lab/go/crypto/openpgp/issues/50eccec52/main.go:40 +0x285

goroutine 2 [runnable]:
runtime.forcegchelper()
    /opt/go/src/runtime/proc.go:90
runtime.goexit()
    /opt/go/src/runtime/asm_amd64.s:2232 +0x1

goroutine 3 [runnable]:
runtime.bgsweep()
    /opt/go/src/runtime/mgc0.go:82
runtime.goexit()
    /opt/go/src/runtime/asm_amd64.s:2232 +0x1

goroutine 4 [runnable]:
runtime.runfinq()
    /opt/go/src/runtime/malloc.go:712
runtime.goexit()
    /opt/go/src/runtime/asm_amd64.s:2232 +0x1

Found using gofuzz. You may assign this issue to me.

The text was updated successfully, but these errors were encountered:

bradfitz · 2015-07-02T00:06:43Z

What version of Go?

marete · 2015-07-02T00:08:55Z

go version go1.4.2 linux/amd64

gopherbot · 2015-07-18T23:00:16Z

CL https://golang.org/cl/12356 mentions this issue.

parseRSAPrivateKey calls rsa.PrivateKey.Precompute which triggers divide-by-zero panic if either p or q is 1. Sanity check the parsed values by calling rsa.PrivateKey.Validate. Fixes golang/go#11505 Change-Id: Ia6c9eccca0cfa49aaa58716e708c557a788bb204 Reviewed-on: https://go-review.googlesource.com/12356 Reviewed-by: Adam Langley <agl@golang.org>

bradfitz assigned marete Jul 2, 2015

ianlancetaylor added this to the Unreleased milestone Jul 10, 2015

agl closed this as completed in golang/crypto@f2c09b0 Jul 29, 2015

golang locked and limited conversation to collaborators Aug 5, 2016

gopherbot added the FrozenDueToAge label Aug 5, 2016

rsc unassigned marete Jun 23, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/crypto/openpgp: ReadMessage(): Panic on invalid input in math/big.nat.div() (division by zero) #11505

x/crypto/openpgp: ReadMessage(): Panic on invalid input in math/big.nat.div() (division by zero) #11505

marete commented Jul 1, 2015

bradfitz commented Jul 2, 2015

marete commented Jul 2, 2015

gopherbot commented Jul 18, 2015

x/crypto/openpgp: ReadMessage(): Panic on invalid input in math/big.nat.div() (division by zero) #11505

x/crypto/openpgp: ReadMessage(): Panic on invalid input in math/big.nat.div() (division by zero) #11505

Comments

marete commented Jul 1, 2015

bradfitz commented Jul 2, 2015

marete commented Jul 2, 2015

gopherbot commented Jul 18, 2015