pike issues
https://git.lysator.liu.se/pikelang/pike/-/issues
2024-01-26T13:03:11Z

https://git.lysator.liu.se/pikelang/pike/-/issues/10137
SHA256/SHA512 crypt_hash bug
2024-01-26T13:03:11Z
Henrik (Grubba) Grubbström

From the Pike developers mailinglist/LysLysKOM 26091551:
```
26091551 2023-11-23 13:38 /146 rader/ Ricard Garra Oronich <rgarra@lleida.net>
Sänt av: SRS0=5fN1=HE=lists.lysator.liu.se=pike-devel-bounces@lysator.liu.se
Importerad: 2023-11-23 13:38 av Brevbäraren
Extern mottagare: pike-devel@lists.lysator.liu.se <pike-devel@lists.lysator.liu.se>
Mottagare: Pike (-) developers forum <21443>
Ärende: SHA256/SHA512 crypt_hash bug
------------------------------------------------------------
```
Hello,
I have been looking into using the `SHA256`/`SHA512` `crypt_hash` functions, and during my testing, comparing the results with other implementations (Python's passlib, OpenSSL, MySQL and C), I found that for some passwords used, the resulting hash is different from the ones generated by other languages/implementations, and therefore would fail if a hash of these passwords done with Pike was then computed/verified with another system.
I don't know the reason for this, but it seems to fail with some passwords, regardless of the salt or number of rounds, and both `SHA256` and `SHA512` "fail", while for some other passwords it works well. A couple of values that fail are simply "pass" and "password".
Below I attach some examples, using the mentioned failing passwords, first in Pike, and then comparing the computation of the same hash, using the same password/salt/rounds in other implementations, and you can see that all the rest are the same among them, but different from Pike. This fails also using `Crypto.Password.hash()`, and letting it compute a random salt. I also tested the reference base C implementation cited in your documentation (https://akkadia.org/drepper/SHA-crypt.txt), and it gives the same result as the others (and thus, different than Pike's).
In addition, I also found that in some cases, the random salt contains the character `"+"`, which the Python library I tested doesn't 'allow', it seems. This is probably not a bug in itself, but could be taken into account for future implementations when generating a salt. I attach their explanation here:
From Python's passlib docs: "Restricted salt string character set:
"The underlying algorithm can unambiguously handle salt strings which contain any possible byte value besides `\x00` and `$`. However, Passlib strictly limits salts to the `hash64` character set, as nearly all implementations of sha256-crypt generate and expect salts containing those characters, but may have unexpected behaviors for other character values."
The `hash64` character set is:
```
HASH64_CHARS = u("./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz")
```
I would like to know if this is really a bug, and if it is, if you would be able to maybe fix it in some revision. If that's the case, I would be interested in using the updated/corrected code ASAP, implementing it in a module of my own perhaps.
Code examples:
```
Pike v8.0 release 1116 running Hilfe v3.5 (Incremental Pike Frontend):
> Crypto.SHA512.crypt_hash("pass","salt",10000);
(1) Result: "gJkLS5cThyks4JXgQ8x3UNvwYLNW22AHZdM70xoRvEma//RJfeBOC/Ik0EddD7DLI9Sau9pYCV29OLzxxVFph1"
> Crypto.Password.hash("pass","6",10000);
(2) Result: "$6$rounds=10000$UrtM9r9XUEqEp1H3$X.OaL5Jp8PNtjkgKPUdGv7hxFg.jjF0U0dqLnscH3F45socUKOP6jWK2hDtvZAj2f1/I1u7Sgc3n3U7MMJDIi1"
> Crypto.SHA512.crypt_hash("password","salt",10000);
(3) Result: "aaSSVStpZx9F9OYvj2130N4GR9uJcP/A10FvDYjBQWbs2RAYN.9iCJb9GvREy9Huz7H6Bp6u5SlHEEcrxaDPi0"
> Crypto.Password.hash("password","6",10000);
(4) Result: "$6$rounds=10000$CfcWNrK0SB8eROnk$a/agNPy2AKOVf4qNTHRXw16nUSjHeINZCTxgw5PjLlRBFnxJ6DDI/rebM3I8LD8pubgOji7ps70JddbFUWo190"
> Crypto.SHA256.crypt_hash("pass","salt",10000);
(5) Result: "s2.jgIPueybkP3hvZqjt3ql5emK9LDBUGvrNc8Cfq3B"
> Crypto.Password.hash("pass","5",10000);
(6) Result: "$5$rounds=10000$Pjj07C7RqLD+ydig$Heqa8mVcO6ttpcXxxtmYoRF6kuPDbieJgy8YPkNNpl."
> Crypto.Password.hash("pass","5",10000);
(7) Result: "$5$rounds=10000$PKoyOiOCTDQTwjBS$jgKXglMIaloY8JPEz/Zp14q1S6qrG2DShYeEUuO4YC4"
```
-----------------
Python:
```
>>> from passlib.hash import sha512_crypt
>>> sha512_crypt.hash("pass", salt="salt",rounds=10000)
'$6$rounds=10000$salt$OSEwMhCIwtjyui53YYIYdyKYKKMcnmS2EbioMYM3/7ya4jWlyYim8VJvMW4cVEgVkO.a.YBgUKiMtpAGUQSXf.'
>>> sha512_crypt.hash("pass", salt="UrtM9r9XUEqEp1H3",rounds=10000)
'$6$rounds=10000$UrtM9r9XUEqEp1H3$IazyuGXF.YEWCnYtarD5BGYduUW2zzydYZXN3xa5QfHx5wvE.lQyU2rPnqMSiSLMvXR0En2Suo/2805nGp1FU.'
>>> sha512_crypt.hash("password", salt="salt",rounds=10000)
'$6$rounds=10000$salt$dE5fLfpn2uXfkz.eouwYK/BjrHRu.piovQPjwlE06fDJHwMlg2l.IqEBUIfWBzf7YPXOAddB3FM7rnXHHKVNt.'
>>> sha512_crypt.hash("password", salt="CfcWNrK0SB8eROnk",rounds=10000)
'$6$rounds=10000$CfcWNrK0SB8eROnk$wuB7fFzyIokmn5WLk2theKXOpBbIkuyRqtUNTtwPWdEI7eKi.dnvcPtrM337BUXvgUXwrBPYWjKFl.r0i39Yz0'
>>> pike_hash = "$6$rounds=10000$UrtM9r9XUEqEp1H3$X.OaL5Jp8PNtjkgKPUdGv7hxFg.jjF0U0dqLnscH3F45socUKOP6jWK2hDtvZAj2f1/I1u7Sgc3n3U7MMJDIi1"
>>> sha512_crypt.verify("pass",pike_hash)
False
>>> pike_hash2="$6$rounds=10000$CfcWNrK0SB8eROnk$a/agNPy2AKOVf4qNTHRXw16nUSjHeINZCTxgw5PjLlRBFnxJ6DDI/rebM3I8LD8pubgOji7ps70JddbFUWo190"
>>> sha512_crypt.verify("password",pike_hash2)
False
>>> sha256_crypt.hash("pass", salt="salt",rounds=10000)
'$5$rounds=10000$salt$Lffn09CeAx2gukDdao1thbgNhgpn41BG4JJNh0Nk6C/'
>>> pike_hash3 = '$5$rounds=10000$Pjj07C7RqLD+ydig$Heqa8mVcO6ttpcXxxtmYoRF6kuPDbieJgy8YPkNNpl.'
>>> sha256_crypt.verify("pass",pike_hash3)
Traceback (most recent call last):
(...)
raise ValueError("invalid characters in %s salt" % cls.name)
ValueError: invalid characters in sha256_crypt salt
>>> sha256_crypt.hash("pass", salt="Pjj07C7RqLD+ydig",rounds=10000)
Traceback (most recent call last):
(...)
raise ValueError("invalid characters in %s salt" % cls.name)
ValueError: invalid characters in sha256_crypt salt
>>> pike_hash4 = "$5$rounds=10000$PKoyOiOCTDQTwjBS$jgKXglMIaloY8JPEz/Zp14q1S6qrG2DShYeEUuO4YC4"
>>> sha256_crypt.verify("pass",pike_hash4)
False
```
------------------
Openssl:
```
$ openssl passwd -6 -salt 'rounds=10000$salt' 'pass'
$6$rounds=10000$salt$OSEwMhCIwtjyui53YYIYdyKYKKMcnmS2EbioMYM3/7ya4jWlyYim8VJvMW4cVEgVkO.a.YBgUKiMtpAGUQSXf.
$ openssl passwd -6 -salt 'rounds=10000$salt' 'password'
$6$rounds=10000$salt$dE5fLfpn2uXfkz.eouwYK/BjrHRu.piovQPjwlE06fDJHwMlg2l.IqEBUIfWBzf7YPXOAddB3FM7rnXHHKVNt.
$ openssl passwd -5 -salt 'rounds=10000$salt' 'pass'
$5$rounds=10000$salt$Lffn09CeAx2gukDdao1thbgNhgpn41BG4JJNh0Nk6C/
$ openssl passwd -5 -salt 'rounds=10000$Pjj07C7RqLD+ydig' 'pass'
$5$rounds=10000$Pjj07C7RqLD+ydig$56R7PRLYPMhN07ZhnoGFCKkNK5.N0ZDY0hViH4yG19/
```
-----------------
MySQL:
```
SELECT ENCRYPT('pass', '$6$rounds=10000$salt');
$6$rounds=10000$salt$OSEwMhCIwtjyui53YYIYdyKYKKMcnmS2EbioMYM3/7ya4jWlyYim8VJvMW4cVEgVkO.a.YBgUKiMtpAGUQSXf.
SELECT ENCRYPT('password', '$6$rounds=10000$salt');
$6$rounds=10000$salt$dE5fLfpn2uXfkz.eouwYK/BjrHRu.piovQPjwlE06fDJHwMlg2l.IqEBUIfWBzf7YPXOAddB3FM7rnXHHKVNt.
SELECT ENCRYPT('pass', '$5$rounds=10000$salt');
$5$rounds=10000$salt$Lffn09CeAx2gukDdao1thbgNhgpn41BG4JJNh0Nk6C/
SELECT ENCRYPT('pass', '$5$rounds=10000$Pjj07C7RqLD+ydig');
$5$rounds=10000$Pjj07C7RqLD+ydig$56R7PRLYPMhN07ZhnoGFCKkNK5.N0ZDY0hViH4yG19/
```
-----------------
I await your response, thank you for your time.
Yours truthfully,
Ricard Garra Oronich
```
(26091551) /Ricard Garra Oronich <rgarra@lleida.net>/
```
Pike 9.0

https://git.lysator.liu.se/pikelang/pike/-/issues/10135
Preprocessor hides doubles variable assignment in macro on Debian
2023-11-17T10:15:21Z
Joshua Rogers

Hi there,
I've encountered a strange bug where a newer version of Pike (commit 7303bc4ccce6ac86e2fc7ca53a71365edaa61475) is swallowing up some variable assignments. Specifically, when two variable assignments are used in combination with a macro.
I have the following code:
```pike
#define ERR_CONT(TYPE,CARR,FMT,ARGS ...) write(FMT, ARGS); write("\n");
int main() {
ERR_CONT(1, 1, "%s", "one");
ERR_CONT(1, 1, "%s %s", "one", "two");
ERR_CONT(1, 1, "%s %s %s", "one", "two", "three");
ERR_CONT(1, 1, "%s %d", "one", 2);
ERR_CONT(1, 1, "%s %d %d", "one", 2, 3);
ERR_CONT(1, 1, "%s %d %s", "one", 2, "three");
}
```
which when preprocessed using Pike v8.0 release 1116 on Debian 11, provides the expected result:
```pike
$ pike -E test2.pike
#line 1 "test2.pike"
int main() {
write( "%s" , "one" ); write("\n");;
write( "%s %s" , "one", "two" ); write("\n");;
write( "%s %s %s" , "one", "two", "three" ); write("\n");;
write( "%s %d" , "one", 2 ); write("\n");;
write( "%s %d %d" , "one", 2, 3 ); write("\n");;
write( "%s %d %s" , "one", 2, "three" ); write("\n");;
}
```
However, using the version compiled from 7303bc4ccce6ac86e2fc7ca53a71365edaa61475, the assignments with two variables do not compile as intended:
```pike
$ ~/pike/build/linux-5.10.0-26-amd64-x86_64/pike -E test2.pike
#line 1 "test2.pike"
int main() {
write( "%s" , "one" ); write("\n");;
write( "%s %s" , ); write("\n");;
write( "%s %s %s" , "one","two","three" ); write("\n");;
write( "%s %d" , ); write("\n");;
write( "%s %d %d" , "one",2,3 ); write("\n");;
write( "%s %d %s" , "one",2,"three" ); write("\n");;
}
```
As we can see, ` write( "%s %s" , ); write("\n");;` and ` write( "%s %d" , ); write("\n");;` are completely missing their variables.
Unfortunately I have no clue as to why.
I also went back to commit 43680aa756ae3f5bfd60843785ff6f076eeb4ee8 and compiled from there, and the same issue occurs.
Cheers,
Josh

Pike 9.0

https://git.lysator.liu.se/pikelang/pike/-/issues/10077
Crypto.DSA verifies signature with modified R/S values
2023-11-06T12:25:25Z
Joshua Rogers

Hi,
While conducting some tests based on [Wycheproof](https://github.com/google/wycheproof), Crypto.DSA fails one (out of ~70) test for "Modified r or s, e.g. by adding or subtracting the group order".
The following test should fail, but is verified as a legitimate signature:
```
int main() {
mapping(string:string) key = ([
"g" : "16a65c58204850704e7502a39757040d34da3a3478c154d4e4a5c02d242ee04f96e61e4bd0904abdac8f37eeb1e09f3182d23c9043cb642f88004160edf9ca09b32076a79c32a627f2473e91879ba2c4e744bd2081544cb55b802c368d1fa83ed489e94e0fa0688e32428a5c78c478c68d0527b71c9a3abb0b0be12c44689639e7d3ce74db101a65aa2b87f64c6826db3ec72f4b5599834bb4edb02f7c90e9a496d3a55d535bebfc45d4f619f63f3dedbb873925c2f224e07731296da887ec1e4748f87efb5fdeb75484316b2232dee553ddaf02112b0d1f02da30973224fe27aeda8b9d4b2922d9ba8be39ed9e103a63c52810bc688b7e2ed4316e1ef17dbde",
"p" : "008f7935d9b9aae9bfabed887acf4951b6f32ec59e3baf3718e8eac4961f3efd3606e74351a9c4183339b809e7c2ae1c539ba7475b85d011adb8b47987754984695cac0e8f14b3360828a22ffa27110a3d62a993453409a0fe696c4658f84bdd20819c3709a01057b195adcd00233dba5484b6291f9d648ef883448677979cec04b434a6ac2e75e9985de23db0292fc1118c9ffa9d8181e7338db792b730d7b9e349592f68099872153915ea3d6b8b4653c633458f803b32a4c2e0f27290256e4e3f8a3b0838a1c450e4e18c1a29a37ddf5ea143de4b66ff04903ed5cf1623e158d487c608e97f211cd81dca23cb6e380765f822e342be484c05763939601cd667",
"q" : "00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd5695d",
"y" : "1e77f842b1ae0fcd9929d394161d41e14614ff7507a9a31f4a1f14d22e2a627a1f4e596624883f1a5b168e9425146f22d5f6ee28757414714bb994ba1129f015d6e04a717edf9b530a5d5cab94f14631e8b4cf79aeb358cc741845553841e8ac461630e804a62f43676ba6794af66899c377b869ea612a7b9fe6611aa96be52eb8b62c979117bbbcca8a7ec1e1ffab1c7dfcfc7048700d3ae3858136e897701d7c2921b5dfef1d1f897f50d96ca1b5c2edc58cada18919e35642f0807eebfa00c99a32f4d095c3188f78ed54711be0325c4b532aeccd6540a567c327225440ea15319bde06510479a1861799e25b57decc73c036d75a0702bd373ca231349931",
]);
string msg = String.hex2string("313233343030");
string sig = String.hex2string("303e021d00a545d62d6e336775fb6a9b8495721646a54bd8c6173fc0a2295a1b7b021d00c178f07615a75535ca0ee2274e824a59fef7f79ef575a73a1e040e05");
mixed state = Crypto.DSA.State();
state->set_public_key(Gmp.mpz(key["p"], 16), Gmp.mpz(key["q"], 16), Gmp.mpz(key["g"], 16), Gmp.mpz(key["y"], 16));
bool res = state->pkcs_verify(msg, Crypto.SHA224, sig);
if(res)
write("success!\n");
return 0;
}
```
Unfortunately I cannot offer more support on this, but if you have any questions, please let me know.
Cheers,
Josh

https://git.lysator.liu.se/pikelang/pike/-/issues/10130
Internal compiler error triggered by syntax error in implicit create argument list
2023-11-01T08:21:13Z
Henrik (Grubba) Grubbström

Observed in the wild:
```
$ cat Bang.pmod
class Bang(pang) {
void bang() {}
}
$ pike -M.
Pike v8.0 release 1738 running Hilfe v3.5 (Incremental Pike Frontend)
> Bang;
Bang.pmod:1:syntax error, unexpected ')', expecting TOK_IDENTIFIER
Bang.pmod:2:Missing ';'.
Bang.pmod:3:Missing ';'.
/var/tmp/portage/dev-lang/pike-8.0.1738-r3/work/Pike-v8.0.1738/src/block_allocator.c:311: Fatal error:
ptr 0x55a2c30fd730 not in any page.
Backtrace at time of fatal:
-:1:
PikeCompiler("", Tools.Hilfe.StdinHilfe()->HilfeCompileHandler(), -1, -1, UNDEFINED, UNDEFINED)->compile()
-:1:
DefaultCompilerEnvironment->compile(PikeCompiler("", Tools.Hilfe.StdinHilfe()->HilfeCompileHandler(), -1, -1, UNDEFINED, UNDEFINED))
/usr/lib64/pike/master.pike:743:
compile_string("mapping(string:mixed) ___hilfe = ___Hilfe->variables;\n# 1\nmixed ___HilfeWrapper() { return Bang; ; }\n","HilfeInput",Tools.Hilfe.StdinHilfe()->HilfeCompileHandler(),UNDEFINED,UNDEFINED,UNDEFINED)
/usr/lib64/pike/modules/Tools.pmod/Hilfe.pmod:2311:
Tools.Hilfe.StdinHilfe()->hilfe_compile("mixed ___HilfeWrapper() { return Bang; ; }",UNDEFINED)
/usr/lib64/pike/modules/Tools.pmod/Hilfe.pmod:2352:
Tools.Hilfe.StdinHilfe()->evaluate("mixed ___HilfeWrapper() { return Bang; ; }",1)
/usr/lib64/pike/modules/Tools.pmod/Hilfe.pmod:2097:
Tools.Hilfe.StdinHilfe()->parse_expression(Tools.Hilfe.Expression(({ /* 2 elements */
"Bang",
";"
})))
/usr/lib64/pike/modules/Tools.pmod/Hilfe.pmod:1651:
Tools.Hilfe.StdinHilfe()->add_buffer("Bang;")
/usr/lib64/pike/modules/Tools.pmod/Hilfe.pmod:1598:
Tools.Hilfe.StdinHilfe()->add_input_line("Bang;")
/usr/lib64/pike/modules/Tools.pmod/Hilfe.pmod:2562:
Tools.Hilfe.StdinHilfe()->create(UNDEFINED)
/usr/lib64/pike/modules/Tools.pmod/Hilfe.pmod:2481: Tools.Hilfe.StdinHilfe()
Aborted
```
The crash seems to be due to the nested program not being popped correctly.

Pike 8.0

https://git.lysator.liu.se/pikelang/pike/-/issues/10131
Fix for #10130 is not sufficient in Pike master.
2023-11-01T08:21:13Z
Henrik (Grubba) Grubbström

The testsuite test for #10130 crashes Pike master.
```
test_any([[
Stdio.write_file("testsuite_test.pmod",
#"
// Bug 10130.
// This crashed pike due to broken error recovery.
class Bang(pang) {
void bang() {}
}
");
// Compilation handler that hides compilation errors.
class handler
{
void compile_error(string file, int line, string err)
{
// log_msg("file: %O, line: %O, err: %O\n", file, line, err);
}
};
catch {
compile_string(".testsuite_test.Bang bang;\n", "testsuite_test", handler());
};
return 0;
]],0);
```
Pike 9.0

https://git.lysator.liu.se/pikelang/pike/-/issues/10132
Fix stack alignment issue with getxattr()
2023-11-01T08:21:13Z
Henrik (Grubba) Grubbström

Apply [GitHub pull-request #42](https://github.com/pikelang/Pike/pull/42) for `src/modules/_Stdio/efuns.c`.
The issue applies to Pike 7.8 and later.

Pike 7.8

https://git.lysator.liu.se/pikelang/pike/-/issues/10128
switch with mapping lookup table broken on several 32-bit architectures.
2023-07-04T08:48:38Z
Henrik (Grubba) Grubbström

The fix for #10125 seems to have broken the `switch`-statement in `Locale.Language.nld.snumber()`; several architectures fail the testsuite for `Web.RDF` with an infinite loop where `snumber(1)` appears to trigger the `default`-case.

Pike 9.0

https://git.lysator.liu.se/pikelang/pike/-/issues/10117
System.RegGetValue{,s} does not handle DWORD entries correctly.
2023-05-03T09:33:46Z
Henrik (Grubba) Grubbström

`src/modules/system/nt.c:push_regvalue()` uses the wrong shifts for bytes other than the LSB:
```
case REG_DWORD_LITTLE_ENDIAN:
push_int(EXTRACT_UCHAR(buffer)+
(EXTRACT_UCHAR(buffer+1)<<1)+
(EXTRACT_UCHAR(buffer+2)<<2)+
(EXTRACT_UCHAR(buffer+3)<<3));
break;
case REG_DWORD_BIG_ENDIAN:
push_int(EXTRACT_UCHAR(buffer+3)+
(EXTRACT_UCHAR(buffer+2)<<1)+
(EXTRACT_UCHAR(buffer+1)<<2)+
(EXTRACT_UCHAR(buffer)<<3));
break;
```
Fortunately it seems like the most common DWORD entries in the registry are <= 255.
This bug has been there since the original implementation of `System.RegGetValues()` et al in commit 53bdc644af4c8f3def29230b0dc38b7640561708 (`src/modules/system/nt.c:1.18`) in Pike 7.1.5.
Note that the bug is also present in Pike 7.0.318 and later due to a backport in commit 9481e19ee7753e06292231699f04c21841a2b6a1 (`src/modules/system/nt.c:1.19`).
The bug should be fixed in all relevant versions of Pike.

Pike Next

https://git.lysator.liu.se/pikelang/pike/-/issues/10066
Segfault from Pike 8.1 - possible type check issue?
2023-01-01T12:57:15Z
Henrik (Grubba) Grubbström

From the Pike developers mailinglist [LysLysKOM 24913337]:
```
24913337 idag 08:30 /14 rader/ Chris Angelico <rosuav@gmail.com>
Extern mottagare: Pike Developers <pike-devel@lists.lysator.liu.se>
Mottagare: Pike (-) developers forum <21243>
Ärende: Segfault from Pike 8.1 - possible type check issue?
```
```
float thing_sum(array(string) things) {
return `+(@(array(float))things) + 1.0;
}
```
Without the "+ 1.0" at the end (or some other arithmetic operation),
it doesn't bomb out.
GDB is pointing to src/pike_types.cmod:11185 which is just an
assignment, but I suspect the issue is the add_ref above it.
Unfortunately that line gets hit a LOT, so I didn't get very far with
debugging.
ChrisA
```
(24913337) /Chris Angelico <rosuav@gmail.com>/------
```

https://git.lysator.liu.se/pikelang/pike/-/issues/10076
Crypto.DSA verifies pkcs signature with certain degree of malleability
2023-01-01T12:52:16Z
Joshua Rogers

Hi,
During some tests, I've noticed that Crypto.DSA.State()->pkcs_verify() verifies a PKCS signature even if the length of the ASN.1 signature contains both trailing, and appended, zeros. e.g. 0x00000123 is accepted, even though 0x0123 is the correct value: "This is a signature with correct values for (r, s) but using some alternative BER encoding instead of DER encoding. Implementations should not accept such signatures to limit signature malleability"
The following test should not succeed:
```
int main() {
mapping(string:string) key = ([
"g" : "16a65c58204850704e7502a39757040d34da3a3478c154d4e4a5c02d242ee04f96e61e4bd0904abdac8f37eeb1e09f3182d23c9043cb642f88004160edf9ca09b32076a79c32a627f2473e91879ba2c4e744bd2081544cb55b802c368d1fa83ed489e94e0fa0688e32428a5c78c478c68d0527b71c9a3abb0b0be12c44689639e7d3ce74db101a65aa2b87f64c6826db3ec72f4b5599834bb4edb02f7c90e9a496d3a55d535bebfc45d4f619f63f3dedbb873925c2f224e07731296da887ec1e4748f87efb5fdeb75484316b2232dee553ddaf02112b0d1f02da30973224fe27aeda8b9d4b2922d9ba8be39ed9e103a63c52810bc688b7e2ed4316e1ef17dbde",
"p" : "008f7935d9b9aae9bfabed887acf4951b6f32ec59e3baf3718e8eac4961f3efd3606e74351a9c4183339b809e7c2ae1c539ba7475b85d011adb8b47987754984695cac0e8f14b3360828a22ffa27110a3d62a993453409a0fe696c4658f84bdd20819c3709a01057b195adcd00233dba5484b6291f9d648ef883448677979cec04b434a6ac2e75e9985de23db0292fc1118c9ffa9d8181e7338db792b730d7b9e349592f68099872153915ea3d6b8b4653c633458f803b32a4c2e0f27290256e4e3f8a3b0838a1c450e4e18c1a29a37ddf5ea143de4b66ff04903ed5cf1623e158d487c608e97f211cd81dca23cb6e380765f822e342be484c05763939601cd667",
"q" : "00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd5695d",
"y" : "1e77f842b1ae0fcd9929d394161d41e14614ff7507a9a31f4a1f14d22e2a627a1f4e596624883f1a5b168e9425146f22d5f6ee28757414714bb994ba1129f015d6e04a717edf9b530a5d5cab94f14631e8b4cf79aeb358cc741845553841e8ac461630e804a62f43676ba6794af66899c377b869ea612a7b9fe6611aa96be52eb8b62c979117bbbcca8a7ec1e1ffab1c7dfcfc7048700d3ae3858136e897701d7c2921b5dfef1d1f897f50d96ca1b5c2edc58cada18919e35642f0807eebfa00c99a32f4d095c3188f78ed54711be0325c4b532aeccd6540a567c327225440ea15319bde06510479a1861799e25b57decc73c036d75a0702bd373ca231349931",
]);
string msg = String.hex2string("313233343030");
string sig = String.hex2string("3082003d021d00a545d62d6e336775fb6a9b8495721646a54bd8c6173fc0a2295a1b7b021c068259cf902e5d55eb26e7bf850a82d40fc5456b3a902679612ea4a8");
mixed state = Crypto.DSA.State();
state->set_public_key(Gmp.mpz(key["p"], 16), Gmp.mpz(key["q"], 16), Gmp.mpz(key["g"], 16), Gmp.mpz(key["y"], 16));
bool res = state->pkcs_verify(msg, Crypto.SHA224, sig);
if(res)
write("success!\n");
return 0;
}
```
Some more information about this issue can be found here: https://github.com/kjur/jsrsasign/issues/437 (the issues "long form encoding of length of sequence", "length of sequence contains leading 0", and "prepending 0's to integer" all occur in Pike), and https://github.com/kjur/jsrsasign/security/advisories/GHSA-p8c3-7rj8-q963.
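A strict pre-verification gate for the two DSA reports on this page (the modified r/s case and this BER-encoding case). This is an added example, not part of the report and not Pike's code; `Q` and both signatures are copied from the test cases above, while the function names and the re-encoded `CANONICAL_10076` value are the example's own.

```python
# Added example: strict DER and range gate for a DSA signature
# (SEQUENCE of two INTEGERs r, s). Q and the two signatures are copied from
# the reports on this page; every function name is the example's own.

Q = int("00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd5695d", 16)
SIG_10077 = bytes.fromhex(          # valid DER, but s was replaced by s + q
    "303e"
    "021d00a545d62d6e336775fb6a9b8495721646a54bd8c6173fc0a2295a1b7b"
    "021d00c178f07615a75535ca0ee2274e824a59fef7f79ef575a73a1e040e05")
SIG_10076 = bytes.fromhex(          # BER: long-form length with a leading zero
    "3082003d"
    "021d00a545d62d6e336775fb6a9b8495721646a54bd8c6173fc0a2295a1b7b"
    "021c068259cf902e5d55eb26e7bf850a82d40fc5456b3a902679612ea4a8")
# Same (r, s) as SIG_10076, re-encoded here with the minimal DER length.
CANONICAL_10076 = bytes.fromhex("303d") + SIG_10076[4:]


class BadSignature(ValueError):
    pass


def _read_tlv(buf, pos, end, tag, strict):
    """Read one tag-length-value inside buf[pos:end]; return (value, next_pos)."""
    if pos + 2 > end:
        raise BadSignature("truncated element")
    if buf[pos] != tag:
        raise BadSignature("unexpected tag 0x%02x" % buf[pos])
    first = buf[pos + 1]
    pos += 2
    if first < 0x80:                          # short form
        length = first
    else:                                     # long form: n length octets follow
        n = first & 0x7F
        if n == 0 or pos + n > end:
            raise BadSignature("indefinite or truncated length")
        octets = buf[pos:pos + n]
        length = int.from_bytes(octets, "big")
        # DER requires the shortest possible length encoding.
        if strict and (octets[0] == 0 or length < 0x80):
            raise BadSignature("non-minimal length encoding")
        pos += n
    if pos + length > end:
        raise BadSignature("value runs past its container")
    return buf[pos:pos + length], pos + length


def _to_uint(value, strict):
    if not value:
        raise BadSignature("empty INTEGER")
    if value[0] & 0x80:
        raise BadSignature("negative INTEGER")
    # A leading 0x00 is only allowed when it keeps the value non-negative.
    if strict and len(value) > 1 and value[0] == 0 and not value[1] & 0x80:
        raise BadSignature("INTEGER has redundant leading zero")
    return int.from_bytes(value, "big")


def parse_dsa_sig(sig, strict=True):
    """Return (r, s). strict=False mimics a lenient BER decoder."""
    body, nxt = _read_tlv(sig, 0, len(sig), 0x30, strict)
    if nxt != len(sig):
        raise BadSignature("trailing bytes after SEQUENCE")
    r_raw, pos = _read_tlv(body, 0, len(body), 0x02, strict)
    s_raw, pos = _read_tlv(body, pos, len(body), 0x02, strict)
    if pos != len(body):
        raise BadSignature("extra data inside SEQUENCE")
    return _to_uint(r_raw, strict), _to_uint(s_raw, strict)


def precheck(sig, q):
    """Gate to run before the modular arithmetic of DSA verification."""
    try:
        r, s = parse_dsa_sig(sig, strict=True)
    except BadSignature as exc:
        return False, str(exc)
    if not (0 < r < q and 0 < s < q):
        return False, "r or s outside 1..q-1"
    return True, "ok"


if __name__ == "__main__":
    for name, sig in (("10077", SIG_10077), ("10076", SIG_10076),
                      ("10076 canonical", CANONICAL_10076)):
        print(name, precheck(sig, Q))
    # Malleability: a lenient decoder maps two different byte strings
    # to the same (r, s) pair.
    print(parse_dsa_sig(SIG_10076, strict=False) == parse_dsa_sig(CANONICAL_10076))
```

The gate only decides whether the encoding and the ranges are acceptable; the signature equation itself still has to be checked afterwards.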
Please let me know if you need more information.
Cheers,
Josh

https://git.lysator.liu.se/pikelang/pike/-/issues/10097
Compiler C Stack overflow in type checker.
2022-10-17T13:35:20Z
Henrik (Grubba) Grubbström

LysLysKOM 25574453:
```
25574453 2022-10-16 10:01 /14 rader/ Marcus Comstedt (ACROSS) (Hail Ilpalazzo!)
Mottagare: Henrik Grubbström (Lysator) <17112>
Mottagare: Marcus Comstedt (ACROSS) (Hail Ilpalazzo!) <17998>
Mottaget: 2022-10-16 10:01
Ärende: C stack overflow
------------------------------------------------------------
I tried to minimize a case to reproduce the C stack
overflow that is in the testsuite now. I arrived at the following:
Pike v8.1 release 18 running Hilfe v3.5 (Incremental Pike Frontend)
> compile_string("void a() { foreach(({`/, `^});; function op); }");
C stack overflow.
-:1: PikeCompiler("", -1, -1, UNDEFINED, UNDEFINED)->compile()
master.pike:1088:
DefaultCompilerEnvironment->compile("void a() { foreach(({`/, `^});; function op); }",UNDEFINED,-1,-1,UNDEFINED,UNDEFINED)
master.pike:1102:
compile("void a() { foreach(({`/, `^});; function op); }",UNDEFINED,-1,-1,UNDEFINED,UNDEFINED)
master.pike:1183:
compile_string("void a() { foreach(({`/, `^});; function op); }","-",UNDEFINED,UNDEFINED,UNDEFINED,UNDEFINED)
>
(25574453) /Marcus Comstedt (ACROSS) (Hail Ilpalazzo!)/
Kommentar i text 25574467 av Marcus Comstedt (ACROSS) (Hail Ilpalazzo!)
```
```
25574467 2022-10-16 10:26 /26 rader/ Marcus Comstedt (ACROSS) (Hail Ilpalazzo!)
Kommentar till text 25574453 av Marcus Comstedt (ACROSS) (Hail Ilpalazzo!)
Mottagare: Henrik Grubbström (Lysator) <17113>
Mottagare: Marcus Comstedt (ACROSS) (Hail Ilpalazzo!) <17999>
Ärende: C stack overflow
------------------------------------------------------------
BTW, if you try this directly in Hilfe, the errors are hidden:
Pike v8.1 release 18 running Hilfe v3.5 (Incremental Pike Frontend)
> foreach(({`/, `^});; function op) write("%O\n", op);
> void a() { foreach(({`/, `^});; function op); }
> a();
Compiler Error: 1: Undefined identifier a.
Compiler Error: 1: Calling a void expression.
>
Note that there was no output and that "a" was not
defined. In 8.0:
Pike v8.0 release 1738 running Hilfe v3.5 (Incremental Pike Frontend)
> foreach(({`/, `^});; function op) write("%O\n", op);
`/
`^
Ok.
> void a() { foreach(({`/, `^});; function op); }
> a();
Compiler Warning: 1: Returning a void expression. Converted to zero.
(1) Result: 0
>
Feels like it might have been nice to get some indication
that something went wrong?
(25574467) /Marcus Comstedt (ACROSS) (Hail Ilpalazzo!)/
```
Pike 9.0

https://git.lysator.liu.se/pikelang/pike/-/issues/10089
Coredump with new array type
2022-09-02T08:47:56Z
Martin Nilsson

```
Pike v8.1 release 18 running Hilfe v3.5 (Incremental Pike Frontend)
> array(3) foo;
Program received signal SIGSEGV, Segmentation fault.
0x000055555562457d in debug_push_int_type (min=min@entry=-2147483648,
max=max@entry=2147483647) at /home/nilsson/pike/src/pike_types.cmod:843
843 *(++Pike_compiler->type_stackp) = mk_type(T_INT,
(gdb) bt
#0 0x000055555562457d in debug_push_int_type (min=min@entry=-2147483648,
max=max@entry=2147483647) at /home/nilsson/pike/src/pike_types.cmod:843
#1 0x0000555555596671 in yyparse () at language.yacc:1707
#2 0x000055555566e920 in do_yyparse ()
at /home/nilsson/pike/src/pike_compiler.cmod:370
#3 0x0000555555672be5 in run_pass1 (c=0x555555b33ed0)
at /home/nilsson/pike/src/pike_compiler.cmod:1160
#4 f_compilation_compile (args=<optimized out>)
at /home/nilsson/pike/src/pike_compiler.cmod:1774
#5 0x00005555555a97fe in lower_mega_apply (args=args@entry=0,
o=o@entry=0x555555a5ecf8, fun=1) at /home/nilsson/pike/src/interpret.c:2586
#6 0x00005555555aa2a2 in jump_opcode_F_CALL_OTHER (arg1=13)
at /home/nilsson/pike/src/interpret_functions.h:2428
```
Pike 9.0
Henrik (Grubba) Grubbström

https://git.lysator.liu.se/pikelang/pike/-/issues/10084
reverse() on strings with offset is broken.
2022-07-06T11:04:39Z
Henrik (Grubba) Grubbström

```
Pike v8.0 release 1738 running Hilfe v3.5 (Incremental Pike Frontend)
> reverse("foobar", 2, 4);
(1) Result: "fof\0\0r"
```
The expected result is `"foabor"`.
The bug seems to have been introduced in commit 2b888e46f63e90ec2b21eedc1926e2a30703b837 (when the feature was added).

Pike 7.8
Henrik (Grubba) Grubbström

https://git.lysator.liu.se/pikelang/pike/-/issues/10075
Crypto.DSA infinite loop in pkcs_verify()
2022-03-01T13:41:06Z
Joshua Rogers

Hi there,
While doing some tests of Crypto.DSA, I've come across two (likely related) cases of a call to `Crypto.DSA.State()->pkcs_verify()` resulting in an infinite loop in Gmp.
I have two test-cases. One is where `sign` is empty:
```
int main() {
mixed state1 = Crypto.DSA.State();
state1->set_public_key(Gmp.mpz("008f7935d9b9aae9bfabed887acf4951b6f32ec59e3baf3718e8eac4961f3efd3606e74351a9c4183339b809e7c2ae1c539ba7475b85d011adb8b47987754984695cac0e8f14b3360828a22ffa27110a3d62a993453409a0fe696c4658f84bdd20819c3709a01057b195adcd00233dba5484b6291f9d648ef883448677979cec04b434a6ac2e75e9985de23db0292fc1118c9ffa9d8181e7338db792b730d7b9e349592f68099872153915ea3d6b8b4653c633458f803b32a4c2e0f27290256e4e3f8a3b0838a1c450e4e18c1a29a37ddf5ea143de4b66ff04903ed5cf1623e158d487c608e97f211cd81dca23cb6e380765f822e342be484c05763939601cd667", 16), Gmp.mpz("00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd5695d", 16), Gmp.mpz("16a65c58204850704e7502a39757040d34da3a3478c154d4e4a5c02d242ee04f96e61e4bd0904abdac8f37eeb1e09f3182d23c9043cb642f88004160edf9ca09b32076a79c32a627f2473e91879ba2c4e744bd2081544cb55b802c368d1fa83ed489e94e0fa0688e32428a5c78c478c68d0527b71c9a3abb0b0be12c44689639e7d3ce74db101a65aa2b87f64c6826db3ec72f4b5599834bb4edb02f7c90e9a496d3a55d535bebfc45d4f619f63f3dedbb873925c2f224e07731296da887ec1e4748f87efb5fdeb75484316b2232dee553ddaf02112b0d1f02da30973224fe27aeda8b9d4b2922d9ba8be39ed9e103a63c52810bc688b7e2ed4316e1ef17dbde", 16), Gmp.mpz("1e77f842b1ae0fcd9929d394161d41e14614ff7507a9a31f4a1f14d22e2a627a1f4e596624883f1a5b168e9425146f22d5f6ee28757414714bb994ba1129f015d6e04a717edf9b530a5d5cab94f14631e8b4cf79aeb358cc741845553841e8ac461630e804a62f43676ba6794af66899c377b869ea612a7b9fe6611aa96be52eb8b62c979117bbbcca8a7ec1e1ffab1c7dfcfc7048700d3ae3858136e897701d7c2921b5dfef1d1f897f50d96ca1b5c2edc58cada18919e35642f0807eebfa00c99a32f4d095c3188f78ed54711be0325c4b532aeccd6540a567c327225440ea15319bde06510479a1861799e25b57decc73c036d75a0702bd373ca231349931", 16));
state1->pkcs_verify(String.hex2string("313233343030"), Crypto.SHA224, "");
}
```
and the other is when it is non-empty:
```
int main() {
mixed state1 = Crypto.DSA.State();
state1->set_public_key(Gmp.mpz("008f7935d9b9aae9bfabed887acf4951b6f32ec59e3baf3718e8eac4961f3efd3606e74351a9c4183339b809e7c2ae1c539ba7475b85d011adb8b47987754984695cac0e8f14b3360828a22ffa27110a3d62a993453409a0fe696c4658f84bdd20819c3709a01057b195adcd00233dba5484b6291f9d648ef883448677979cec04b434a6ac2e75e9985de23db0292fc1118c9ffa9d8181e7338db792b730d7b9e349592f68099872153915ea3d6b8b4653c633458f803b32a4c2e0f27290256e4e3f8a3b0838a1c450e4e18c1a29a37ddf5ea143de4b66ff04903ed5cf1623e158d487c608e97f211cd81dca23cb6e380765f822e342be484c05763939601cd667", 16), Gmp.mpz("00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd5695d", 16), Gmp.mpz("16a65c58204850704e7502a39757040d34da3a3478c154d4e4a5c02d242ee04f96e61e4bd0904abdac8f37eeb1e09f3182d23c9043cb642f88004160edf9ca09b32076a79c32a627f2473e91879ba2c4e744bd2081544cb55b802c368d1fa83ed489e94e0fa0688e32428a5c78c478c68d0527b71c9a3abb0b0be12c44689639e7d3ce74db101a65aa2b87f64c6826db3ec72f4b5599834bb4edb02f7c90e9a496d3a55d535bebfc45d4f619f63f3dedbb873925c2f224e07731296da887ec1e4748f87efb5fdeb75484316b2232dee553ddaf02112b0d1f02da30973224fe27aeda8b9d4b2922d9ba8be39ed9e103a63c52810bc688b7e2ed4316e1ef17dbde", 16), Gmp.mpz("1e77f842b1ae0fcd9929d394161d41e14614ff7507a9a31f4a1f14d22e2a627a1f4e596624883f1a5b168e9425146f22d5f6ee28757414714bb994ba1129f015d6e04a717edf9b530a5d5cab94f14631e8b4cf79aeb358cc741845553841e8ac461630e804a62f43676ba6794af66899c377b869ea612a7b9fe6611aa96be52eb8b62c979117bbbcca8a7ec1e1ffab1c7dfcfc7048700d3ae3858136e897701d7c2921b5dfef1d1f897f50d96ca1b5c2edc58cada18919e35642f0807eebfa00c99a32f4d095c3188f78ed54711be0325c4b532aeccd6540a567c327225440ea15319bde06510479a1861799e25b57decc73c036d75a0702bd373ca231349931", 16));
state1->pkcs_verify(String.hex2string("3130353336323835353638"), Crypto.SHA256, String.hex2string("a2184515521e4c5d26f05590543c696ca2bd04b7754a18107d7f62744fbcb3a52ee80de3dca53339c3f6b2196afe3c540adfeb92686029f2"));
}
```
Unfortunately, I'm not able to offer any suggestions as to why this happens, but please let me know if you have any questions.
Cheers,
Josh

Pike 8.0
https://git.lysator.liu.se/pikelang/pike/-/issues/10074
Crypto.AES.CCM produces incorrect results
2021-12-09T09:35:17Z
Joshua Rogers

Hi there,
While performing some unit tests with Pike's Crypto.AES.CCM, I've run into an issue of the digest function producing "incorrect" results.
During my tests, I'm using two unit tests.
The first test is:
```
key: 1a44f3550688fddbc1e5041dc98952c0
iv: 5d2904298f668ba95eaa1797
aad: d55908958b70abee81054cdf3d3df5
msg:
expected digest: 5c71b4f069cfa13b7634db4b13e7be7d
```
And the second test is:
```
key: 439fd5c3b76587d5a601ba6ef8fad214
iv: ed1d316d0834d174c1b5b438
aad: eae252f42d2c71
msg:
expected digest: e8530426cbabf63633ff373159247e38
```
The **second** test results in the digest value of "e8530426cbabf63633ff373159247e38". This is the same value as seen in openssl using the following C source code (`gcc test.c -lcrypto`):
```
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/evp.h>

void str2hex(const char *, unsigned char *, int);
void printBytes(unsigned char *, size_t);

int main() {
  /* Inputs are given as hex strings and decoded below. */
  const char *aad, *pt, *key, *nonce;
  int Klen, Alen, Nlen, Plen, Tlen, Clen;
  int outl = 0;

  key = "439fd5c3b76587d5a601ba6ef8fad214";
  aad = "eae252f42d2c71";
  nonce = "ed1d316d0834d174c1b5b438";
  pt = "";
  Klen = strlen(key) / 2;
  Alen = strlen(aad) / 2;
  Nlen = strlen(nonce) / 2;
  Plen = strlen(pt) / 2;
  Tlen = 16;
  Clen = Plen + Tlen;

  /* +1 keeps the arrays from being zero-length when the message is empty. */
  unsigned char keyy[Klen], aadd[Alen], noncee[Nlen], ptt[Plen + 1];
  unsigned char ct[Clen], dt[Plen + 1];

  str2hex(key, keyy, Klen);
  str2hex(pt, ptt, Plen);
  str2hex(aad, aadd, Alen);
  str2hex(nonce, noncee, Nlen);

  /* Encrypt: set nonce and tag lengths first, then key and nonce. */
  EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
  EVP_CIPHER_CTX_init(ctx);
  EVP_EncryptInit(ctx, EVP_aes_128_ccm(), 0, 0);
  EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0);
  EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, Tlen, 0);
  EVP_EncryptInit(ctx, 0, keyy, noncee);
  /* CCM needs the total plaintext length before any AAD is supplied. */
  EVP_EncryptUpdate(ctx, 0, &outl, 0, Plen);
  EVP_EncryptUpdate(ctx, 0, &outl, aadd, Alen);
  EVP_EncryptUpdate(ctx, ct, &outl, ptt, Plen);
  EVP_EncryptFinal(ctx, &ct[outl], &outl);
  /* The tag is stored directly after the ciphertext. */
  EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, Tlen, ct + Plen);

  printf("plaintext' = %s", pt);
  printf("\n");
  printf("\nciphertext : ");
  printBytes(ct, Clen);

  /* Decrypt with the tag produced above. */
  EVP_DecryptInit(ctx, EVP_aes_128_ccm(), 0, 0);
  EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0);
  EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, Tlen, ct + Plen);
  EVP_DecryptInit(ctx, 0, keyy, noncee);
  EVP_DecryptUpdate(ctx, 0, &outl, 0, Plen);
  EVP_DecryptUpdate(ctx, 0, &outl, aadd, Alen);
  EVP_DecryptUpdate(ctx, dt, &outl, ct, Plen);
  EVP_DecryptFinal(ctx, &dt[outl], &outl);

  printf("plaintext : ");
  printBytes(dt, Plen);

  EVP_CIPHER_CTX_free(ctx);
  return 0;
}

/* Decode a hex string of 2 * len characters into len raw bytes. */
void str2hex(const char *str, unsigned char *hex, int len) {
  int tt, ss;
  char temp[5];
  for (tt = 0, ss = 0; tt < len; tt++, ss += 2) {
    temp[0] = '0';
    temp[1] = 'x';
    temp[2] = str[ss];
    temp[3] = str[ss + 1];
    temp[4] = '\0'; /* strtol requires a terminated string */
    hex[tt] = (unsigned char) strtol(temp, NULL, 0);
  }
}

void printBytes(unsigned char *buf, size_t len) {
  size_t i;
  for (i = 0; i < len; i++) {
    printf("%02x", buf[i]);
  }
  printf("\n");
}
```
However, the **first** test does not succeed. Pike produces the digest "7a627cad3a11cb4192566a040d801fa8", while the C code (edited accordingly) produces the expected result, "5c71b4f069cfa13b7634db4b13e7be7d".
The following Pike code annotates my concerns:
```
int main() {
  // First test vector.
  mixed state1 = Crypto.AES.CCM.State();
  state1->set_encrypt_key(String.hex2string("1a44f3550688fddbc1e5041dc98952c0"));
  state1->set_iv(String.hex2string("5d2904298f668ba95eaa1797"));
  state1->update(String.hex2string("d55908958b70abee81054cdf3d3df5"));
  string ct1 = state1->crypt(String.hex2string(""));
  string dig1 = state1->digest();
  if(String.string2hex(dig1) != "5c71b4f069cfa13b7634db4b13e7be7d")
    write("First one did not match. Got %s, expected %s.\n", String.string2hex(dig1), "5c71b4f069cfa13b7634db4b13e7be7d");

  // Second test vector.
  mixed state2 = Crypto.AES.CCM.State();
  state2->set_encrypt_key(String.hex2string("439fd5c3b76587d5a601ba6ef8fad214"));
  state2->set_iv(String.hex2string("ed1d316d0834d174c1b5b438"));
  state2->update(String.hex2string("eae252f42d2c71"));
  string ct2 = state2->crypt(String.hex2string(""));
  string dig2 = state2->digest();
  if(String.string2hex(dig2) != "e8530426cbabf63633ff373159247e38")
    write("Second one did not match. Got %s, expected %s.\n", String.string2hex(dig2), "e8530426cbabf63633ff373159247e38");
}
```
I have no explanation for the incorrect results, unfortunately.
Any support is welcome.
Thank you.

Pike 8.0
https://git.lysator.liu.se/pikelang/pike/-/issues/10055
Race-condition in Concurrent.Promise()->finalise()
2020-10-26T13:49:08Z
Henrik (Grubba) Grubbström

Callbacks may get lost due to a race condition.
```mermaid
sequenceDiagram
participant T1 as Thread 1
participant P as Promise
participant T2 as Thread 2
T2->>P: success()
Note right of P: success_cbs read.
T1->>P: on_success()
activate P
Note right of P: success_cbs updated.
P->>T1: returns
deactivate P
T2->>P: success() calls finalise()
activate P
Note right of P: Old success_cbs called.
Note right of P: success_cbs cleared.
P->>T2: returns
deactivate P
Note right of P: The callback installed by Thread 1 has been lost.
```
Pike 8.0
Henrik (Grubba) Grubbström

https://git.lysator.liu.se/pikelang/pike/-/issues/10050
Crypto.Password.verify() fails intermittently with EINVAL on RHEL 8.
2020-08-14T09:38:59Z
Henrik (Grubba) Grubbström

Pike 8.0.1050
`Crypto.Password.verify()` (or rather `predef::crypt()`) fails intermittently with `EINVAL` (22) on RedHat Enterprise Linux 8:
```
Running test etc/test/tests/rxml/RoxenTest_RXMLTags.xml
Enabling Tags: HTML washer
################ Background failure
| ################ Error at line 393:
| <eval><maketag type='tag' name='set'><attrib name='variable'>var.i</attrib><attrib name='value'><crypt>foobar</crypt></attrib></maketag></eval><eval><maketag name='crypt' type='container'><attrib name='compare'>&var.i;</attrib>foobar</maketag></eval><then>1</then><else>0</else>
| [Pass 2 (p-code)] Failed (backtrace): Unsupported salt (22).
| RXML frame backtrace:
| | <crypt compare="$6$f+08ZlzC/fNPECMh$s5yICn952nJoDP.oejYEjHz5RyNsCl6L6L9QubTUVlWe4Zi50camGWSk4gtduWaNkYRbq5suLoYANr1DL.qac0">
| | <eval>
| pike/lib/modules/Crypto.pmod/Password.pmod:144: verify_password("foobar","$6$f+08ZlzC/fNPECMh$s5yICn952nJoDP.oejYEjHz5RyNsCl6L6L9QubTUVlWe4Zi50camGWSk4gtduWaNkYRbq5suLoYANr1DL.qac0")
| modules/tags/rxmltags.pike (417e8bbe):3022: Frame(crypt)->do_return(InternalRequestID(conf=Configuration(Test server 1); not_query="/index.html"))
| etc/modules/RXML.pmod/module.pmod (ef58bd29):4974: Frame(crypt)->_eval(Context(),RXML.PXml(RXML.t_html(text/html, xml),RXMLTagSet(Test server 1,rxml_tag_set)),RXML.t_html(text/html, xml))
| etc/modules/RXML.pmod/module.pmod (ef58bd29):485: TagCrypt(crypt)->_p_xml_handle_tag(@0=RXML.PXml(RXML.t_html(text/html, xml),RXMLTagSet(Test server 1,rxml_tag_set)),mapping[1],"foobar")
| pike/lib/modules/Parser.pmod/_parser.so:1: RXML.PXml(RXML.t_html(text/html, xml),RXMLTagSet(Test server 1,rxml_tag_set))->finish("<crypt compare=\"$6$f+08ZlzC/fNPECMh$s5yICn952nJoDP.oejYEjHz5RyNsCl6L6L9QubTUVlWe4Zi50camGWSk4gtduWaNkYRbq5suLoYANr1DL.qac0\">foobar</crypt>")
| etc/modules/RXML.pmod/PXml.pike (8ce553d4):396: RXML.PXml(RXML.t_html(text/html, xml),RXMLTagSet(Test server 1,rxml_tag_set))->finish("<crypt compare=\"$6$f+08ZlzC/fNPECMh$s5yICn952nJoDP.oejYEjHz5RyNsCl6L6L9QubTUVlWe4Zi50camGWSk4gtduWaNkYRbq5suLoYANr1DL.qac0\">foobar</crypt>")
| etc/modules/RXML.pmod/module.pmod (ef58bd29):3886: Frame(eval)->_exec_array(@1=Context(),RXML.PCode(RXML.t_html(text/html, xml),RXMLTagSet(Test server 1,rxml_tag_set)),,,1)
| etc/modules/RXML.pmod/module.pmod (ef58bd29):4978: Frame(eval)->_eval(@2=Context(),@3=RXML.PCode(RXML.t_html(text/html, xml),RXMLTagSet(Test server 1,rxml_tag_set)),@4=RXML.t_html(text/html, xml))
| etc/modules/RXML.pmod/module.pmod (ef58bd29):9393: RXML.PCode(RXML.t_html(text/html, xml),RXMLTagSet(Test server 1,rxml_tag_set))->_eval(@2,0)
| etc/modules/RXML.pmod/module.pmod (ef58bd29):8788: RXML.PCode(RXML.t_html(text/html, xml),RXMLTagSet(Test server 1,rxml_tag_set))->eval(@2,UNDEFINED)
| modules/configuration/roxen_test.pike (2563376c):392: RoxenModule(Test server 1/roxen_test#0)->__lambda_66927_7_line_359(Parser._parser.HTML(),([]),"<eval><maketag type='tag' name='set'><attrib name='variable'>var.i</attrib><attrib name='value'><crypt>foobar</crypt></attrib><"+[111]+"etag></eval><then>1</then><else>0</else>")
| pike/lib/modules/Parser.pmod/_parser.so:1: Parser._parser.HTML()->finish("\n<rxml><eval><maketag type='tag' name='set'><attrib name='variable'>var.i</attrib><attrib name='value'><crypt>foobar</crypt></attrib></maketag></e"+[120]+"then><else>0</else></rxml>\n<result>1</result>\n")
| modules/configuration/roxen_test.pike (2563376c):612: RoxenModule(Test server 1/roxen_test#0)->xml_test(Parser._parser.HTML(),([]),"\n<rxml><eval><maketag type='tag' name='set'><attrib name='variable'>var.i</attrib><attrib name='value'><crypt>foobar</"+[157]+"e>0</else></rxml>\n<result>1</result>\n",mapping[392])
| pike/lib/modules/Parser.pmod/_parser.so:1: Parser._parser.HTML()->finish("<?xml version=\"1.0\" encoding=\"iso-8859-1\"?>\n\n<!--\n All <add-module> statements must precede the p-code tests since\n altering the configura"+[104329]+"le. -->\n\n<drop-module>html_wash</drop-module>\n")
| modules/configuration/roxen_test.pike (2563376c):739: RoxenModule(Test server 1/roxen_test#0)->run_xml_tests("<?xml version=\"1.0\" encoding=\"iso-8859-1\"?>\n\n<!--\n All <add-module> statements must precede the p-code tests since\n altering the configura"+[104329]+"le. -->\n\n<drop-module>html_wash</drop-module>\n")
| modules/configuration/roxen_test.pike (2563376c):114: RoxenModule(Test server 1/roxen_test#0)->__lambda_66927_0_line_108(RoxenModule(Test server 1/roxen_test#0)->run_xml_tests,({"<?xml version=\"1.0\" encoding=\"iso-8859-1\"?>\n\n<!--\n All <add-module> statements must precede the p-co"+[104385]+"-module>html_wash</drop-module>\n"}))
| base_server/roxen.pike (a66e1c68):774: roxen()->handler_thread(11)
|
Disabling Tags: HTML washer
Did 784 tests, failed on 1, skipped 0, detected 1 background failures.
```
Pike 8.0
Henrik (Grubba) Grubbström

https://git.lysator.liu.se/pikelang/pike/-/issues/10049
Disabling of threads broken in Pike 8.0.354.
2020-07-24T10:54:29Z
Henrik (Grubba) Grubbström

Observed in the wild:
```
Internal server error: Cannot wait for conditions when threads are disabled!
-:1: Thread.Queue(0)->wait(_static_modules.Builtin()->mutex_key())
pike/lib/modules/Thread.pmod:282: Thread.Queue(0)->read()
base_server/roxen.pike (79dbb75e):717: roxen()->handler_thread(0)
```
The threads disable lock has most likely been taken by another thread running the code:
```
protected void dump_slow_req (Thread.Thread thread, float timeout)
{
  object threads_disabled = _disable_threads();
  int count = query ("slow_req_bt_count");
  if (count > 0) set ("slow_req_bt_count", count - 1);
  if (thread == backend_thread && !slow_be_call_out) {
    // Avoid false alarms for the backend thread if we got here due to
    // a race. Should perhaps have something like this for the handler
    // threads too, but otoh races are more rare there due to the
    // longer timeouts.
  }
  else {
    string th_name =
      ((thread != backend_thread) && thread_name(thread, 1)) || "";
    if (sizeof(th_name))
      th_name = " - " + th_name + " -";
    report_debug ("###### %s 0x%x%s has been busy for more than %g seconds.\n",
                  thread == backend_thread ? "Backend thread" : "Thread",
                  thread->id_number(), th_name, timeout);
    int hrnow = gethrtime();
    if ((hrnow - last_dump_hrtime) / 1E6 < slow_req_timeout / 2) {
      describe_thread (thread);
    } else {
      last_dump_hrtime = hrnow;
      mixed err = catch {
          describe_all_threads(0, 1);
        };
      if (err) master()->handle_error(err);
    }
  }
  threads_disabled = 0; // Paranoia.
}
```
`dump_slow_req()` is called from a `call_out` in a dedicated `Pike.SmallBackend` in a dedicated thread.

Pike 8.0
https://git.lysator.liu.se/pikelang/pike/-/issues/10029
CID 1461176: Null pointer dereferences (FORWARD_NULL)
2020-04-05T12:44:28Z
Henrik (Grubba) Grubbström

```
/home/covbuilder/pike/Pike-v8.1-snapshot/src/docode.c: 3033 in do_code_block()
________________________________________________________________________________________________________
*** CID 1461176: Null pointer dereferences (FORWARD_NULL)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/docode.c: 3033 in do_code_block()
3027
3028 init_bytecode();
3029 label_no=1;
3030 PUSH_STATEMENT_LABEL;
3031 save_label = current_label->prev;
3032 current_label->prev = NULL;
>>> CID 1461176: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "current_label->prev".
3033 PUSH_CLEANUP_FRAME(NULL, NULL);
3034 current_stack_depth = 0;
3035
3036 /* NOTE: This is no ordinary label... */
3037 low_insert_label(0);
3038 emit0(F_ENTRY);
```
Pike Next

https://git.lysator.liu.se/pikelang/pike/-/issues/10028
CID 1461177: Null pointer dereferences (FORWARD_NULL)
2020-04-05T12:44:28Z
Henrik (Grubba) Grubbström

```
/home/covbuilder/pike/Pike-v8.1-snapshot/src/docode.c: 3274 in docode()
________________________________________________________________________________________________________
*** CID 1461177: Null pointer dereferences (FORWARD_NULL)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/docode.c: 3274 in docode()
3268 struct byte_buffer instrbuf_save = instrbuf;
3269 struct statement_label *label_save;
3270
3271 PUSH_STATEMENT_LABEL;
3272 label_save = current_label->prev;
3273 current_label->prev = NULL;
>>> CID 1461177: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "current_label->prev".
3274 PUSH_CLEANUP_FRAME(NULL, NULL);
3275 label_no=1;
3276 current_stack_depth = 0;
3277 Pike_compiler->compiler_frame->generator_local = -1;
3278 init_bytecode();
3279
```
Pike Next