From 5e5d454037df549cc914f45891957181aa3b0a45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=A1draig=20Brady?= Date: Tue, 7 Jul 2015 01:46:54 +0100 Subject: [PATCH] shred: fix pattern selection for certain iteration counts This was detected in about 25% of runs with gcc -fsanitize=address ERROR: AddressSanitizer: global-buffer-overflow on address ... READ of size 4 at 0x000000416628 thread T0 #0 0x40479f in genpattern src/shred.c:782 #1 0x4050d9 in do_wipefd src/shred.c:921 #2 0x406203 in wipefile src/shred.c:1175 #3 0x406b84 in main src/shred.c:1316 #4 0x7f3454a1ef9f in __libc_start_main (/lib64/libc.so.6+0x1ff9f) #5 0x4025d8 (/tmp/coreutils-8.23/src/shred+0x4025d8) 0x000000416628 is located 56 bytes to the left of global variable '*.LC49' from 'src/shred.c' (0x416660) of size 17 0x000000416628 is located 12 bytes to the right of global variable 'patterns' from 'src/shred.c' (0x416540) of size 220 SUMMARY: AddressSanitizer: global-buffer-overflow src/shred.c:782 * src/shred.c (gen_patterns): Restrict pattern selection to the K available, which regressed due to v5.92-1462-g65533e1. * tests/misc/shred-passes.sh: Add a deterministic test case. * NEWS: Mention the bug fix. Fixes http://bugs.gnu.org/20998 --- NEWS | 5 +++++ src/shred.c | 5 +++-- tests/misc/shred-passes.sh | 34 +++++++++++++++++++++++++++++++++- 3 files changed, 41 insertions(+), 3 deletions(-) diff --git a/NEWS b/NEWS index 7e213fd..54a0ab6 100644 --- a/NEWS +++ b/NEWS @@ -2,6 +2,11 @@ GNU coreutils NEWS -*- outline -*- * Noteworthy changes in release ?.? (????-??-??) [?] +** Bug fixes + + shred again uses defined patterns for all iteration counts. + [bug introduced in coreutils-5.93] + * Noteworthy changes in release 8.24 (2015-07-03) [stable] diff --git a/src/shred.c b/src/shred.c index 63bcd6f..52c93ef 100644 --- a/src/shred.c +++ b/src/shred.c @@ -712,7 +712,7 @@ static int const 12, 0x111, 0x222, 0x333, 0x444, 0x666, 0x777, 0x888, 0x999, 0xBBB, 0xCCC, 0xDDD, 0xEEE, /* 4-bit */ -1, /* 1 random pass */ - /* The following patterns have the frst bit per block flipped */ + /* The following patterns have the first bit per block flipped */ 8, 0x1000, 0x1249, 0x1492, 0x16DB, 0x1924, 0x1B6D, 0x1DB6, 0x1FFF, 14, 0x1111, 0x1222, 0x1333, 0x1444, 0x1555, 0x1666, 0x1777, 0x1888, 0x1999, 0x1AAA, 0x1BBB, 0x1CCC, 0x1DDD, 0x1EEE, @@ -776,7 +776,7 @@ genpattern (int *dest, size_t num, struct randint_source *s) break; } else - { /* Pad out with k of the n available */ + { /* Pad out with n of the k available */ do { if (n == (size_t) k || randint_choose (s, k) < n) @@ -785,6 +785,7 @@ genpattern (int *dest, size_t num, struct randint_source *s) n--; } p++; + k--; } while (n); break; diff --git a/tests/misc/shred-passes.sh b/tests/misc/shred-passes.sh index 0fa63be..64216fd 100755 --- a/tests/misc/shred-passes.sh +++ b/tests/misc/shred-passes.sh @@ -32,9 +32,9 @@ shred: f: renamed to 0 shred: f: removed" > exp || framework_failure_ shred -v -u f 2>out || fail=1 - compare exp out || fail=1 + # Likewise but for a zero length file # to bypass the data passes touch f || framework_failure_ @@ -44,7 +44,39 @@ shred: f: renamed to 0 shred: f: removed" > exp || framework_failure_ shred -v -u f 2>out || fail=1 +compare exp out || fail=1 + + +# shred data 20 times and verify the passes used. +# This would consume all random data between 5.93 and 8.24 inclusive. +dd bs=100K count=1 if=/dev/zero | tr '\0' 'U' > Us || framework_failure_ +printf 1 > f || framework_failure_ +echo "\ +shred: f: pass 1/20 (random)... +shred: f: pass 2/20 (ffffff)... +shred: f: pass 3/20 (924924)... +shred: f: pass 4/20 (888888)... +shred: f: pass 5/20 (db6db6)... +shred: f: pass 6/20 (777777)... +shred: f: pass 7/20 (492492)... +shred: f: pass 8/20 (bbbbbb)... +shred: f: pass 9/20 (555555)... +shred: f: pass 10/20 (aaaaaa)... +shred: f: pass 11/20 (random)... +shred: f: pass 12/20 (6db6db)... +shred: f: pass 13/20 (249249)... +shred: f: pass 14/20 (999999)... +shred: f: pass 15/20 (111111)... +shred: f: pass 16/20 (000000)... +shred: f: pass 17/20 (b6db6d)... +shred: f: pass 18/20 (eeeeee)... +shred: f: pass 19/20 (333333)... +shred: f: pass 20/20 (random)... +shred: f: removing +shred: f: renamed to 0 +shred: f: removed" > exp || framework_failure_ +shred -v -u -n20 --random-source=Us f 2>out || fail=1 compare exp out || fail=1 -- 2.4.1