free(): invalid next size (fast) in certain registers #48

Open
klinkigt opened this issue Feb 3, 2024 · 3 comments

klinkigt commented Feb 3, 2024

Hi,

thank you for this tool. I recently ran into the following problem, after it had been working for a while. As recommended, I am running:

pcr-oracle --from eventlog all --verify current

but this just leads to the problem:

Excluding PCR 10 from prediction (used by IMA)
free(): invalid next size (fast)
Abgebrochen (Speicherabzug geschrieben)

so trying to dig deeper I am going over those registers one by one:

pcr-oracle --from eventlog --before --stop-event grub-file=grub.cfg predict 0
sha256:0 d7f1b635cbf5ee8453ed92a1a41537a87a44018a6ca5cb562cec14f7ae081fbd
pcr-oracle --from eventlog --before --stop-event grub-file=grub.cfg predict 1
Error: Unable to extend PCR sha256:0: register was not initialized
free(): invalid pointer
Abgebrochen (Speicherabzug geschrieben)
pcr-oracle --from eventlog --before --stop-event grub-file=grub.cfg predict 2
Error: Unable to extend PCR sha256:0: register was not initialized
sha256:2 77e4f658f7b74581976910eb63f6ad085c13ddcd1031a546a3ac322306ad6def

which then continues like this. The command:

pcr-oracle --from eventlog all --verify current -d \
	--create-testcase /tmp/pcr-oracle.test

prints a lot of stuff but also ends up in:

8...xp..L.......E.e...~i.u.
:::         0640  92 9b f5 a6 bc 59 83 58                                                                         .....Y.X
:::   Firmware hashed entire event data
::: __pecoff_process_certificate_table: returning 2 cert blobs
::: Trying to extract signer's certificate from Authenticode cert
free(): invalid next size (fast)
Abgebrochen (Speicherabzug geschrieben)

No idea where the problem is. But at least the free() error does not seem to be what should happen.

@Vogtinator
Contributor

If you can still reproduce this, please run it with valgrind.

@klinkigt
Author

klinkigt commented Apr 2, 2024

Hi,

this is what I get with valgrind:

valgrind pcr-oracle --from eventlog all --verify current
==13445== Memcheck, a memory error detector
==13445== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==13445== Using Valgrind-3.22.0 and LibVEX; rerun with -h for copyright info
==13445== Command: pcr-oracle --from eventlog all --verify current
==13445== 
Excluding PCR 10 from prediction (used by IMA)
==13445== Invalid write of size 1
==13445==    at 0x11B21B: ??? (in /usr/bin/pcr-oracle)
==13445==    by 0x119251: ??? (in /usr/bin/pcr-oracle)
==13445==    by 0x10F632: ??? (in /usr/bin/pcr-oracle)
==13445==    by 0x4E721EF: (below main) (in /usr/lib64/libc.so.6)
==13445==  Address 0x55166d4 is 0 bytes after a block of size 20 alloc'd
==13445==    at 0x4845784: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==13445==    by 0x11B180: ??? (in /usr/bin/pcr-oracle)
==13445==    by 0x119251: ??? (in /usr/bin/pcr-oracle)
==13445==    by 0x10F632: ??? (in /usr/bin/pcr-oracle)
==13445==    by 0x4E721EF: (below main) (in /usr/lib64/libc.so.6)
==13445== 
==13445== Conditional jump or move depends on uninitialised value(s)
==13445==    at 0x484DAE8: rindex (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==13445==    by 0x111DE0: ??? (in /usr/bin/pcr-oracle)
==13445==    by 0x117A9F: ??? (in /usr/bin/pcr-oracle)
==13445==    by 0x119251: ??? (in /usr/bin/pcr-oracle)
==13445==    by 0x10F632: ??? (in /usr/bin/pcr-oracle)
==13445==    by 0x4E721EF: (below main) (in /usr/lib64/libc.so.6)
==13445== 
==13445== Use of uninitialised value of size 8
==13445==    at 0x111DE9: ??? (in /usr/bin/pcr-oracle)
==13445==    by 0x117A9F: ??? (in /usr/bin/pcr-oracle)
==13445==    by 0x119251: ??? (in /usr/bin/pcr-oracle)
==13445==    by 0x10F632: ??? (in /usr/bin/pcr-oracle)
==13445==    by 0x4E721EF: (below main) (in /usr/lib64/libc.so.6)
==13445== 
Fatal: Unable to open file /boot/efi/boot/grub2/grub.cfg: No such file or directory
==13445== 
==13445== HEAP SUMMARY:
==13445==     in use at exit: 4,451,348 bytes in 1,438 blocks
==13445==   total heap usage: 10,458 allocs, 9,020 frees, 5,133,678 bytes allocated
==13445== 
==13445== LEAK SUMMARY:
==13445==    definitely lost: 5,194 bytes in 62 blocks
==13445==    indirectly lost: 1,248,528 bytes in 114 blocks
==13445==      possibly lost: 0 bytes in 0 blocks
==13445==    still reachable: 3,197,626 bytes in 1,262 blocks
==13445==         suppressed: 0 bytes in 0 blocks
==13445== Rerun with --leak-check=full to see details of leaked memory
==13445== 
==13445== Use --track-origins=yes to see where uninitialised values come from
==13445== For lists of detected and suppressed errors, rerun with: -s
==13445== ERROR SUMMARY: 13 errors from 3 contexts (suppressed: 0 from 0)

Is there a way to pass the correct path of the grub.cfg?

Best
Martin

@Vogtinator
Contributor

Please try #53, that should fix the valgrind warnings.

#54 should fix the grub.cfg issue.
