* [ISSUE] encfs: segfaults with older directories
@ 2023-09-05 13:06 dezifit
2023-09-06 13:29 ` sgn
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: dezifit @ 2023-09-05 13:06 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1863 bytes --]
New issue by dezifit on void-packages repository
https://github.com/void-linux/void-packages/issues/45916
Description:
### Is this a new report?
Yes
### System Info
6.3.13_1 x86_64 (glibc)
### Package(s) Affected
encfs-1.9.5_6
### Does a report exist for this bug with the project's home (upstream) and/or another distro?
After the last recent xbps/crypto update encfs now fails to mount some encrypted directories. While newer ones (having .encfs6.xml) are working, older ones (with .encfs5.xml) are immediately crashing with a segfault:
```
Sep 5 12:35:32 solist kernel: [109292.081871] encfs[2218]: segfault at 78 ip 00007fc3f0f03d74 sp 00007ffecf112760 error 4 in libcrypto.so.3[7fc3f0dd0000+30c000] likely on CPU 5 (core 5, socket 0)
Sep 5 12:35:32 solist kernel: [109292.081888] Code: c3 0f 1f 44 00 00 41 54 55 89 f5 53 48 89 fb 48 81 ec a0 00 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 98 00 00 00 48 8b 07 <48> 83 78 78 00 0f 84 c1 00 00 00 66 0f ef c0 0f 29 44 24 40 0f 29
```
There is a [debian bug report](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014193) describing this problem and [mentioning a mitigation](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014193#35), which involves changes in `/etc/ssl/opensslf.conf`.
I changed the openssl configuration as described (using openssl.cnf.dist as base) and can confirm that it solves the encfs issue. Is a fix for encfs to be expected or what's the best approach in this case (besides avoding encfs altogether):
* applying the config change to openssl.cnf
* using a modified openssl.cnf.dist (as I did)
### Expected behaviour
Old encfs directories should be usable
### Actual behaviour
Trying to mount old encfs directories causes a segfault
### Steps to reproduce
Just access/open a old encrypted folder (using .encfs5.xml) requiring legacy crypto provider
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: encfs: segfaults with older directories
2023-09-05 13:06 [ISSUE] encfs: segfaults with older directories dezifit
@ 2023-09-06 13:29 ` sgn
2023-09-06 21:26 ` dezifit
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: sgn @ 2023-09-06 13:29 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 159 bytes --]
New comment by sgn on void-packages repository
https://github.com/void-linux/void-packages/issues/45916#issuecomment-1708366421
Comment:
Please test #45943
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: encfs: segfaults with older directories
2023-09-05 13:06 [ISSUE] encfs: segfaults with older directories dezifit
2023-09-06 13:29 ` sgn
@ 2023-09-06 21:26 ` dezifit
2023-09-06 21:26 ` dezifit
2023-09-07 6:21 ` [ISSUE] [CLOSED] " sgn
3 siblings, 0 replies; 5+ messages in thread
From: dezifit @ 2023-09-06 21:26 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 408 bytes --]
New comment by dezifit on void-packages repository
https://github.com/void-linux/void-packages/issues/45916#issuecomment-1709143455
Comment:
`encfs` in export mode still allows selection of blowfish, which can be used to reproduce the segfault with a new created encrypted directory.
I did a short test of the patched `encfs` with blowfish encryption in new (encfs6) and old format and found no issues.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: encfs: segfaults with older directories
2023-09-05 13:06 [ISSUE] encfs: segfaults with older directories dezifit
2023-09-06 13:29 ` sgn
2023-09-06 21:26 ` dezifit
@ 2023-09-06 21:26 ` dezifit
2023-09-07 6:21 ` [ISSUE] [CLOSED] " sgn
3 siblings, 0 replies; 5+ messages in thread
From: dezifit @ 2023-09-06 21:26 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 408 bytes --]
New comment by dezifit on void-packages repository
https://github.com/void-linux/void-packages/issues/45916#issuecomment-1709143455
Comment:
`encfs` in expert mode still allows selection of blowfish, which can be used to reproduce the segfault with a new created encrypted directory.
I did a short test of the patched `encfs` with blowfish encryption in new (encfs6) and old format and found no issues.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [ISSUE] [CLOSED] encfs: segfaults with older directories
2023-09-05 13:06 [ISSUE] encfs: segfaults with older directories dezifit
` (2 preceding siblings ...)
2023-09-06 21:26 ` dezifit
@ 2023-09-07 6:21 ` sgn
3 siblings, 0 replies; 5+ messages in thread
From: sgn @ 2023-09-07 6:21 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1866 bytes --]
Closed issue by dezifit on void-packages repository
https://github.com/void-linux/void-packages/issues/45916
Description:
### Is this a new report?
Yes
### System Info
6.3.13_1 x86_64 (glibc)
### Package(s) Affected
encfs-1.9.5_6
### Does a report exist for this bug with the project's home (upstream) and/or another distro?
After the last recent xbps/crypto update encfs now fails to mount some encrypted directories. While newer ones (having .encfs6.xml) are working, older ones (with .encfs5.xml) are immediately crashing with a segfault:
```
Sep 5 12:35:32 solist kernel: [109292.081871] encfs[2218]: segfault at 78 ip 00007fc3f0f03d74 sp 00007ffecf112760 error 4 in libcrypto.so.3[7fc3f0dd0000+30c000] likely on CPU 5 (core 5, socket 0)
Sep 5 12:35:32 solist kernel: [109292.081888] Code: c3 0f 1f 44 00 00 41 54 55 89 f5 53 48 89 fb 48 81 ec a0 00 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 98 00 00 00 48 8b 07 <48> 83 78 78 00 0f 84 c1 00 00 00 66 0f ef c0 0f 29 44 24 40 0f 29
```
There is a [debian bug report](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014193) describing this problem and [mentioning a mitigation](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014193#35), which involves changes in `/etc/ssl/opensslf.conf`.
I changed the openssl configuration as described (using openssl.cnf.dist as base) and can confirm that it solves the encfs issue. Is a fix for encfs to be expected or what's the best approach in this case (besides avoding encfs altogether):
* applying the config change to openssl.cnf
* using a modified openssl.cnf.dist (as I did)
### Expected behaviour
Old encfs directories should be usable
### Actual behaviour
Trying to mount old encfs directories causes a segfault
### Steps to reproduce
Just access/open a old encrypted folder (using .encfs5.xml) requiring legacy crypto provider
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2023-09-07 6:21 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-09-05 13:06 [ISSUE] encfs: segfaults with older directories dezifit
2023-09-06 13:29 ` sgn
2023-09-06 21:26 ` dezifit
2023-09-06 21:26 ` dezifit
2023-09-07 6:21 ` [ISSUE] [CLOSED] " sgn
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).