CVE-2023-36327: Reporting some `bn` bugs
Integer overflow vulnerability in RELIC before commit 421f2e91cf2ba42473d4d54daf24e295679e290e allows attackers to execute arbitrary code and cause a denial of service via the pos argument in the bn_get_prime function.
jy l
Nov 14, 2022, 2:00:35 PM
to relic-discuss
Hi developers,
I’m writing to report some bugs we met in the relic API.
It seems to have an integer overflow while doing `realloc`, for example when:
`bn_grow(r0, 0x20000000)` it would become `realloc(ptr, "a small number")` and return successfully, causing some heap overflow in later calls.
And we happened to trigger it through some other APIs like `bn_gen_prime` or `bn_rand`. Maybe there should be more checks here?
Another one is also an integer overflow and trivial to fix:
in `bn_get_prime`, if the `pos` is a negative number, it would pass the error checking and cause some global buffer corruption. Maybe the `pos` should be an unsigned int?
Could you help us verify these issues? Thanks!!
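A simplified illustration of the two defects reported above and the checks that close them, added here as an example; it is not RELIC's own code, and the `bn_model` struct, `MAX_DIGITS` and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified model of a multi-precision integer: a heap buffer
 * of 64-bit digits plus the number of digits allocated (not RELIC's bn_t). */
typedef uint64_t dig_t;
#define MAX_DIGITS 4096   /* assumed hard limit a real library would impose */

typedef struct {
    dig_t *dp;
    int alloc;
} bn_model;

/* The defect pattern: the byte count is computed in 32 bits.  For
 * digits = 0x20000000 the product 0x20000000 * 8 = 0x100000000 wraps to 0,
 * so realloc(dp, 0) "succeeds" with a tiny block and later digit writes
 * run past it (the heap overflow described in the report). */
uint32_t naive_grow_bytes(int digits) {
    return (uint32_t)digits * (uint32_t)sizeof(dig_t);
}

/* Hardened variant: returns the byte count, or 0 for any invalid request.
 * Non-positive and oversized digit counts are rejected before multiplying,
 * and the product is formed in size_t only once it provably cannot wrap
 * (the SIZE_MAX check matters on 32-bit builds or with a larger limit). */
size_t checked_grow_bytes(int digits) {
    if (digits <= 0 || digits > MAX_DIGITS) return 0;
    if ((size_t)digits > SIZE_MAX / sizeof(dig_t)) return 0;
    return (size_t)digits * sizeof(dig_t);
}

/* Grow that only reaches realloc with a validated size; new digits are zeroed. */
bool bn_grow_checked(bn_model *a, int digits) {
    size_t bytes = checked_grow_bytes(digits);
    if (bytes == 0) return false;
    if (digits <= a->alloc) return true;          /* already large enough */
    dig_t *p = realloc(a->dp, bytes);
    if (p == NULL) return false;
    memset(p + a->alloc, 0, (size_t)(digits - a->alloc) * sizeof(dig_t));
    a->dp = p;
    a->alloc = digits;
    return true;
}

/* Stand-alone check: grow a fresh number, release it, report success. */
bool demo_grow(int digits) {
    bn_model a = { NULL, 0 };
    bool ok = bn_grow_checked(&a, digits);
    free(a.dp);
    return ok;
}

/* Index check for a table lookup such as the prime table in bn_get_prime:
 * a signed pos must be rejected when negative, not only when too large. */
bool table_index_ok(int pos, size_t table_len) {
    return pos >= 0 && (size_t)pos < table_len;
}
```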
Diego F. Aranha
Nov 14, 2022, 3:01:15 PM
to relic-…@googlegroups.com
Hi,
Confirmed, that’s why RELIC is listed as "at best alpha-quality software", useful for research purposes only.
There’s a bunch of old broken code in there that was written > 15 years ago.
In particular, the dynamic memory part has never been properly hardened or fuzzed.
I’ve been trying for a few years to remove it completely in favor of stack-allocation only, but keep bumping into walls.
Anyway, can you please start Issues/PRs so we fix at least the low-hanging fruit?
Thank you!
–
Diego F. Aranha
Associate Professor at Computer Science - Aarhus University, Denmark
Åbogade 34, Building 5335 (Office 318 at Nygaard)
8200 Aarhus N, Denmark
jy l
Nov 15, 2022, 6:49:58 PM
to relic-discuss
Sorry for my late reply! Thank you so much for your prompt response!
I didn’t start PRs because I thought my minor patches might not match the whole coding style. And I just checked and saw that lots of them got fixed, right?
Thanks again!