5

I am trying to debug this error but have not been able to do it for a while now. I have tried to use memmove as an alternative but that also results in a segmentation fault. The link to the code in this question is posted at - http://pastebin.com/hiwV5G04

Can someone please help me understand what am I doing wrong ?

//------------------------------------------------------------------------
// Somewhere in the main function, This is the piece of code I am executing
//------------------------------------------------------------------------
SslDecryptSession *ssl_session = malloc(sizeof(struct _SslDecryptSession ));
ssl_session->client_random.data = NULL;  //Make the stuff point somewhere. Else can use malloc also here. Not sure if this is a problem
ssl_session->server_random.data= NULL;
const u_char *payload;                  /* Packet payload */
//Case for client random
printf("Client Random ");
for (cs_id = 11; cs_id < 43; cs_id++){
printf("%hhX", payload[cs_id] );
}
printf("\n");
cs_id=11;
ssl_session->client_random.data_len=32;
// Segmentation fault here
memcpy(ssl_session->client_random.data, payload[cs_id], 32);

The definitions of the structures involved are - 

typedef struct _SslDecryptSession {
guchar _master_secret[SSL_MASTER_SECRET_LENGTH];
guchar _session_id[256];
guchar _client_random[32];
guchar _server_random[32];
StringInfo session_id;
StringInfo session_ticket;
StringInfo server_random;
StringInfo client_random;
StringInfo master_secret;
StringInfo handshake_data;
StringInfo pre_master_secret;
guchar _server_data_for_iv[24];
StringInfo server_data_for_iv;
guchar _client_data_for_iv[24];
StringInfo client_data_for_iv;

gint state;
SslCipherSuite cipher_suite;
SslDecoder *server;
SslDecoder *client;
SslDecoder *server_new;
SslDecoder *client_new;
gcry_sexp_t private_key;
StringInfo psk;
guint16 version_netorder;
 StringInfo app_data_segment;
    SslSession session;
} SslDecryptSession;


typedef struct _StringInfo {
    guchar  *data;         
    guint    data_len;  
   } StringInfo

The output from gdb is this 

b 1985    // Putting a break point at line 1985 in my source code. 
//Here this is eqvialent to line 83, that is "ssl_session->client_random.data_len=32;"
Breakpoint 1 at 0x403878: file Newversion.c, line 1985.
run       //run the code in gdb
At breakpoint 1 the following info is in the variables
p ssl_session
$1 = (SslDecryptSession *) 0x60fc50   // I put some data in ssl_session->version_netorder earlier. So it is not null here. Everything works fine here
p ssl_session->client_random.data
$2 = (guchar *) 0x0
p ssl_session->client_random.data_len
$3 = 32
step  // Execute 1 more line in the code
// I reach at the memcpy line and I get this error then
Breakpoint 1, got_packet (args=0x0, header=0x7fffffffe2c0, packet=0x7ffff6939086 "P=\345\203\376\177") at Newversion.c:1995
1995                memcpy(ssl_session->client_random.data, payload[cs_id], 32);
(gdb) 
(gdb) s
__memcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:27
27  ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S: No such file or directory.
(gdb) 
28  in ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S
(gdb) 
29  in ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S
(gdb) 
30  in ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S
(gdb) 
31  in ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S
(gdb) 
32  in ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S
(gdb) 
33  in ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S
(gdb) 
34  in ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S
(gdb) 
35  in ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S
(gdb) 

Program received signal SIGSEGV, Segmentation fault.
__memcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:35
35  in ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S
Choi
  • 151
  • 1
  • 2
  • 13
  • Did you try and profile the code with [Valgrind](http://www.valgrind.org) and try an analysis tool in an IDE? Do you have 0 compiler warnings? – Niklas Rosencrantz May 07 '16 at 20:28
  • I have this compiler warning `Newversion.c:2044:65: warning: passing argument 2 of ‘memcpy’ makes pointer from integer without a cast [-Wint-conversion] memcpy(ssl_session->server_random.data, payload[cs_id], 33);` ` ^In file included from Newversion.c:39:0: /usr/include/string.h:42:14: note: expected ‘const void * restrict’ but argument is of type ‘u_char {aka const unsigned char}’ extern void *memcpy (void *__restrict __dest, const void *__restrict __src ` – Choi May 07 '16 at 20:32
  • you forget & : memcpy(ssl_session->client_random.data, &payload[cs_id], 32); – fedi May 07 '16 at 20:39
  • I tried changing the second argument of the memcpy to this memcpy(ssl_session->client_random.data, payload+11, 32) There are no compiler warnings after this edit This should be the same as using the '&' But either of them dont work and still end up into mem alignments – Choi May 07 '16 at 20:48

3 Answers3

2

There's many things that doesn't seems right with the code. The problematic line is :

memcpy(ssl_session->client_random.data, payload[cs_id], 32);

This line will copy what is pointed by payload[cs_id] at the adress pointed by ssl_session->client_random.data. Will do this for 32 bytes.

You provided the content of payload to memcpy instead of it's address, therefore the warning you get at compilation.

You probably meant something like

memcpy(ssl_session->client_random.data, &payload[cs_id], 32); // Note the & symbol

Also, there is a comment in your code stating that you are unsure whether you should use malloc or not. You do.

In the snippet of code you provided, payload is not initilized (therefore, unpredictable value) and ssl_session->client_random.data is initilized with NULL. This means you try to write at address 0, which will raise a segfault for sure. Moreover, before writing at address 0, you read a random address in the memory, which will most likely raise an exception as well.

To solve the issue, make sure your OS has given you a memory space to use before reading/writing in it.

const u_char payload[43];  // 43 is based on the example you provided
...
ssl_session->client_random.data = malloc(sizeof(u_char)*32); // Also based on your example
...
memcpy(ssl_session->client_random.data, &payload[cs_id], 32);

Hope this helps.

Pier-Yves Lessard
  • 582
  • 5
  • 20
1

1-you forget to allocate the memory.

2- memcpy(ssl_session->client_random.data, &payload[cs_id], 32*sizeof(u_char)

    SslDecryptSession *ssl_session = malloc(sizeof(struct _SslDecryptSession ));
    ssl_session->client_random.data = NULL;  //Make the stuff point somewhere. Else can use malloc also here. Not sure if this is a problem
    ssl_session->server_random.data= NULL;

    const u_char *payload;                  /* Packet payload */
    //Case for client random

    printf("Client Random ");
    for (cs_id = 11; cs_id < 43; cs_id++){
            printf("%hhX", payload[cs_id] );
    }
    printf("\n");


    cs_id=11;
    ssl_session->client_random.data_len=32;
    guchar  *pData = malloc(32*sizeof(guchar));  
    ssl_session->client_random.data = pData;
    memcpy(ssl_session->client_random.data, &payload[cs_id], 32*sizeof(u_char);
fedi
  • 368
  • 3
  • 7
  • 18
0

The offending code is:

memcpy(ssl_session->client_random.data, payload[cs_id], 32);

With payload defined as:

const u_char *payload;

You seem to have a type mismatch for operand 2 of memcpy, you do not pass a pointer but an integer. The compiler should complain with a warning, and such warnings should not be ignored.

Did you mean to use memset() to initialize the data instead of memcpy()?

chqrlie
  • 131,814
  • 10
  • 121
  • 189
  • I changed the code to this memcpy(ssl_session->client_random.data, payload+11, 32); which changes it to a pointer. But it still gives a seg fault There are no compiler warnings after this edit. – Choi May 07 '16 at 20:36
  • Not really, I initialized ssl_session->client_random to NULL and the next 32 bytes of payload[cs_id] are fine and contain data. I am printing them above in a for loop. – Choi May 07 '16 at 20:42