
#115 GPF with RAR and password >30 characters

Status: open
Owner: nobody
Labels: None
Priority: 5
Updated: 2011-06-09
Created: 2011-06-09
Creator: SuperA
Private: No

A general protection fault is raised when trying to list the files in a passworded RAR archive. The password length is 30+ characters. Details from dmesg:
7z[17413] general protection ip:7f0aa8803ca9 sp:7fff766ec950 error:0 in 7z.so[7f0aa8664000+1f5000]
Sorry, I can't upload a sample and provide the password (it contains private information), but I asked someone to create the same kind of archive with WinRAR 3.90, and p7zip GPFs the same way (I uploaded that one instead).
I compiled p7zip with debug info (-O0 -ggdb) and did a backtrace:

#0 0x00007fb70c45e49b in NCrypto::NSha1::CContext::UpdateRar (this=0x7fffaf47ce70, data=0x7fffaf47cd32 "AAAAA\n\020\227\263\r\267\177", size=0, rar350Mode=true) at ../../Crypto/Sha1.cpp:151
#1 0x00007fb70c45ce14 in NCrypto::NRar29::CDecoder::Calculate (this=0x1af2b80) at ../../Crypto/RarAes.cpp:109
#2 0x00007fb70c45cc91 in NCrypto::NRar29::CDecoder::Init (this=0x1af2b80) at ../../Crypto/RarAes.cpp:77
#3 0x00007fb70c401c63 in NArchive::NRar::CInArchive::GetNextItem (this=0x7fffaf47d0b0, item=..., getTextPassword=0x1aed8c8, decryptionError=@0x7fffaf47d27f, errorMessage=...) at ../../Archive/Rar/RarIn.cpp:373
#4 0x00007fb70c3fb712 in NArchive::NRar::CHandler::Open2 (this=0x1af2260, stream=0x1af1bf0, maxCheckStartPosition=0x449248, openCallback=0x1aed8b0) at ../../Archive/Rar/RarHandler.cpp:423
#5 0x00007fb70c3fbbff in NArchive::NRar::CHandler::Open (this=0x1af2260, stream=0x1af1bf0, maxCheckStartPosition=0x449248, openCallback=0x1aed8b0) at ../../Archive/Rar/RarHandler.cpp:477
#6 0x0000000000437282 in CArc::OpenStream (this=0x7fffaf47d8b0, codecs=0x1ae7cb0, formatIndex=-1, stream=0x1af1bf0, seqStream=0x0, callback=0x1aed8b0) at ../../UI/Common/OpenArchive.cpp:289
#7 0x0000000000437859 in CArc::OpenStreamOrFile (this=0x7fffaf47d8b0, codecs=0x1ae7cb0, formatIndex=-1, stdInMode=false, stream=0x1af1bf0, callback=0x1aed8b0) at ../../UI/Common/OpenArchive.cpp:356
#8 0x0000000000437afd in CArchiveLink::Open (this=0x7fffaf47db20, codecs=0x1ae7cb0, formatIndices=..., stdInMode=false, stream=0x0, filePath=..., callback=0x1aed8b0) at ../../UI/Common/OpenArchive.cpp:407
#9 0x0000000000438533 in CArchiveLink::Open2 (this=0x7fffaf47db20, codecs=0x1ae7cb0, formatIndices=..., stdInMode=false, stream=0x0, filePath=..., callbackUI=0x7fffaf47dbb0) at ../../UI/Common/OpenArchive.cpp:509
#10 0x00000000004077c8 in ListArchives (codecs=0x1ae7cb0, formatIndices=..., stdInMode=false, arcPaths=..., arcPathsFull=..., wildcardCensor=..., enableHeaders=true, techMode=false, passwordEnabled=@0x7fffaf47de88, password=..., numErrors=@0x7fffaf47e278) at ../../UI/Console/List.cpp:462
#11 0x000000000040afaf in Main2 (numArgs=3, args=0x7fffaf47e608) at ../../UI/Console/Main.cpp:495
#12 0x000000000040e7d0 in main (numArgs=3, args=0x7fffaf47e608) at ../../UI/Console/MainAr.cpp:55

with sample password "AAAAAAAAAAAAAAAAAAAAAAAAAAAA".

In all cases p7zip fails in NCrypto::NSha1::CContext::UpdateRar.
This happens on x86_64; the x86_32 build is OK. Config: Linux 2.6 x86_64, p7zip 9.20.1, makefile used: makefile.linux_amd64_asm, but it fails without the asm includes as well.

Discussion

  • SuperA
    2011-06-09

    Example RAR archive. Password is "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

    Attachments
  • Igor Pavlov
    2011-06-10

    int_var + unsigned_var
    works as
    (unsigned)int_var + unsigned_var

    But for some reason the 64-bit MSVC compiler handles these things another way.
    So I don't have that error in the 64-bit Windows version.

    Please try the fixed code for
    void CContext::UpdateRar(Byte *data, size_t size, bool rar350Mode)
    in Sha1.cpp:

    curBufferPos = 0;
    CContextBase::UpdateBlock(_buffer, returnRes);
    if (returnRes)
      // Write the updated state back over the block that was just consumed,
      // i.e. into the kBlockSize bytes preceding the current data pointer.
      // Casting every operand to int keeps the index a real negative offset;
      // with unsigned operands the subtraction wraps and, on 64-bit, becomes
      // a huge positive pointer offset.
      for (unsigned i = 0; i < kBlockSizeInWords; i++)
      {
        UInt32 d = _buffer[i];
        data[(int)i * 4 + 0 - (int)kBlockSize] = (Byte)(d);
        data[(int)i * 4 + 1 - (int)kBlockSize] = (Byte)(d >> 8);
        data[(int)i * 4 + 2 - (int)kBlockSize] = (Byte)(d >> 16);
        data[(int)i * 4 + 3 - (int)kBlockSize] = (Byte)(d >> 24);
      }

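The integer-promotion point made in the comment above, worked through as an added C example that is not part of the bug report or of p7zip's own code. It uses the standard SHA-1 block size (64 bytes, 16 words) for `K_BLOCK_SIZE` and `K_BLOCK_SIZE_WORDS`, and the helper names and the sample buffer contents are constructed for this illustration. It shows why the unsigned index expression wraps to a ~4 GiB positive offset on a 64-bit target but happens to alias the intended negative offset on a 32-bit one, and verifies that the cast-to-int form writes exactly into the 64 bytes before `data`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Standard SHA-1 block geometry; assumed to match kBlockSize / kBlockSizeInWords
 * in Sha1.cpp (values not taken from the tracker page). */
#define K_BLOCK_SIZE       64u
#define K_BLOCK_SIZE_WORDS 16u

/* Original (buggy) index expression: `i` and kBlockSize are both unsigned, so
 * 0 + 0 - 64 wraps modulo 2^32 to 0xFFFFFFC0 instead of going negative. */
uint32_t wrapped_index(unsigned i, unsigned byte_in_word)
{
    return i * 4 + byte_in_word - K_BLOCK_SIZE;
}

/* Fixed index expression from the comment: every operand is cast to int, so
 * the result is a genuine negative offset in the range -64 .. -1. */
int signed_index(unsigned i, unsigned byte_in_word)
{
    return (int)i * 4 + (int)byte_in_word - (int)K_BLOCK_SIZE;
}

/* On a 64-bit target the 32-bit unsigned result is zero-extended before being
 * added to the pointer, so 0xFFFFFFC0 becomes +4294967232 bytes, far outside
 * the buffer: the GPF seen in the report. */
int64_t pointer_offset_on_64bit(uint32_t idx)
{
    return (int64_t)idx;
}

/* On a 32-bit target pointer arithmetic is done in 32 bits, so the same bit
 * pattern aliases the intended negative offset (-64), which is why the x86_32
 * build did not crash. */
int32_t pointer_offset_on_32bit(uint32_t idx)
{
    int32_t off;
    memcpy(&off, &idx, sizeof off);   /* reinterpret the same bits as signed */
    return off;
}

/* Write 16 little-endian words into the 64 bytes preceding `data`, using the
 * fixed index expression. `data` must point at least 64 bytes into its buffer. */
void write_block_before(uint8_t *data, const uint32_t state[K_BLOCK_SIZE_WORDS])
{
    for (unsigned i = 0; i < K_BLOCK_SIZE_WORDS; i++) {
        uint32_t d = state[i];
        data[signed_index(i, 0)] = (uint8_t)(d);
        data[signed_index(i, 1)] = (uint8_t)(d >> 8);
        data[signed_index(i, 2)] = (uint8_t)(d >> 16);
        data[signed_index(i, 3)] = (uint8_t)(d >> 24);
    }
}

/* Self-check on a constructed 128-byte buffer: point `data` at byte 64 (as
 * UpdateRar's pointer is after consuming one block), write the state back and
 * verify every byte landed in the 64 bytes before `data` and nothing after it
 * was touched. Returns 1 on success, 0 on any mismatch. */
int demo_write_block(void)
{
    uint8_t  buf[2 * K_BLOCK_SIZE];
    uint32_t state[K_BLOCK_SIZE_WORDS];
    memset(buf, 0xEE, sizeof buf);
    for (unsigned i = 0; i < K_BLOCK_SIZE_WORDS; i++)
        state[i] = 0x01020304u * (i + 1);       /* constructed sample words */

    write_block_before(buf + K_BLOCK_SIZE, state);

    for (unsigned i = 0; i < K_BLOCK_SIZE_WORDS; i++) {
        uint32_t got = (uint32_t)buf[4 * i]
                     | ((uint32_t)buf[4 * i + 1] << 8)
                     | ((uint32_t)buf[4 * i + 2] << 16)
                     | ((uint32_t)buf[4 * i + 3] << 24);
        if (got != state[i])
            return 0;
    }
    for (size_t k = K_BLOCK_SIZE; k < sizeof buf; k++)
        if (buf[k] != 0xEE)
            return 0;
    return 1;
}

int main(void)
{
    uint32_t w = wrapped_index(0, 0);
    printf("unsigned index (i=0, byte 0): 0x%08X\n", w);
    printf("  as 64-bit pointer offset  : %lld\n", (long long)pointer_offset_on_64bit(w));
    printf("  as 32-bit pointer offset  : %d\n", pointer_offset_on_32bit(w));
    printf("cast-to-int index (i=0, 0)  : %d\n", signed_index(0, 0));
    printf("write-back self-check       : %s\n", demo_write_block() ? "ok" : "FAILED");
    return 0;
}
```

The practical lesson is that an index expression mixing signed and unsigned operands is evaluated as unsigned, and a negative intermediate result is only harmless while the pointer width equals the integer width; a 64-bit build turns the same wrapped value into an out-of-bounds write that the 32-bit build silently got right.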
  • SuperA
    2011-06-10

    Yes, this code fixed the fault.


  • Anonymous
    2012-03-30

    We (JDownloader, SevenZipJBinding) encountered the same bug.
    Yes, that piece of code works perfectly fine. Can you please commit the change?

    Greetings
    Jiaz