Cryptography VTY Bugreport

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.

Philipp Fabian Benedikt Maier philipp.maier at runningserver.com
Tue Jun 29 23:01:29 UTC 2010


Hi folks.

I am currently playing with the crypto features of openBSC. When I want 
to enter the key for a specific subscriber in the VTY console, openBSC 
crashes.

When I create the entry manually with sqlite3 and try again, the entry in 
the database is overwritten and it seems to work.

The string I entered in VTY was:

subscriber imsi 001010000000000 a3a8 comp128v1 DEADBEEF0C0FFEE0F00D013370D00F23

The gdb backtrace is:

openbsc@openBSC:~/openbsc/openbsc/src$ gdb -- pid 1612
GNU gdb (GDB) 7.1-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
pid: No such file or directory.
Attaching to process 1612
Reading symbols from /home/openbsc/openbsc/openbsc/src/bsc_hack...done.
Reading symbols from /usr/local/lib/libosmocore.so.0...done.
Loaded symbols for /usr/local/lib/libosmocore.so.0
Reading symbols from /lib/tls/i686/cmov/libdl.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/tls/i686/cmov/libdl.so.2
Reading symbols from /usr/lib/libdbi.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libdbi.so.0
Reading symbols from /usr/local/lib/libosmovty.so.0...done.
Loaded symbols for /usr/local/lib/libosmovty.so.0
Reading symbols from /lib/tls/i686/cmov/libcrypt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/tls/i686/cmov/libcrypt.so.1
Reading symbols from /lib/tls/i686/cmov/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/tls/i686/cmov/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/tls/i686/cmov/libm.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/tls/i686/cmov/libm.so.6
Reading symbols from /usr/lib/dbd/libdbdsqlite3.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/dbd/libdbdsqlite3.so
Reading symbols from /usr/lib/libsqlite3.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libsqlite3.so.0
Reading symbols from /lib/tls/i686/cmov/libpthread.so.0...(no debugging symbols found)...done.
[Thread debugging using libthread_db enabled]
Loaded symbols for /lib/tls/i686/cmov/libpthread.so.0
0x00c9d422 in __kernel_vsyscall ()
(gdb) continue
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x0046450b in vfprintf () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt
#0  0x0046450b in vfprintf () from /lib/tls/i686/cmov/libc.so.6
#1  0x00484147 in vasprintf () from /lib/tls/i686/cmov/libc.so.6
#2  0x006b042f in dbi_conn_queryf () from /usr/lib/libdbi.so.0
#3  0x08054c05 in db_sync_authinfo_for_subscr (ainfo=0x579ff4, subscr=0x994ec18) at db.c:413
#4  0x0805408e in ena_subscr_a3a8 (self=0x8089ee0, vty=0x99501f8, argc=4, argv=0xbfc33f6c) at vty_interface_layer3.c:502
#5  0x00a74cfb in cmd_execute_command_real (vline=<value optimized out>, vty=<value optimized out>, cmd=0x0) at command.c:1874
#6  0x00a74e27 in cmd_execute_command (vline=0x994a5c0, vty=0x99501f8, cmd=0x0, vtysh=0) at command.c:1909
#7  0x00a7766f in vty_command (vty=0x99501f8) at vty.c:321
#8  vty_execute (vty=0x99501f8) at vty.c:585
#9  vty_read (vty=0x99501f8) at vty.c:1319
#10 0x00a793aa in client_data (fd=0x99504d4, what=1) at telnet_interface.c:128
#11 0x003b7925 in bsc_select_main (polling=0) at select.c:119
#12 0x0804bc66 in main (argc=3, argv=0xbfc34604) at bsc_hack.c:271
(gdb)

Maybe this helps to find the bug.

regards.
Philipp

-- 
______________________________________
Philipp Fabian Benedikt Maier

  philipp.maier at runningserver.com
  Funk: DO5DXT
  http://www.runningserver.com
  http://www.diskettenschlitz.de
______________________________________





