# mcrypt problems / signal 11 / buffer overflow

## TomasV

Hi everyone,

I needed to encrypt some files and I planned to use mcrypt, but I've run into some strange troubles with buffer overflows and segmentation faults :(

With mcrypt-2.6.7 I get this

```
# mcrypt myfile.txt
Enter the passphrase (maximum of 512 characters)
Please use a combination of upper and lower case letters and numbers.
Enter passphrase:
Enter passphrase:
*** buffer overflow detected ***: mcrypt terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x48)[0xb7640db8]
/lib/libc.so.6[0xb763ee00]
mcrypt[0x805279d]
======= Memory map: ========
08048000-0805a000 r-xp 00000000 08:43 7239820    /usr/bin/mcrypt
0805a000-0805b000 r--p 00011000 08:43 7239820    /usr/bin/mcrypt
0805b000-0805c000 rw-p 00012000 08:43 7239820    /usr/bin/mcrypt
0805c000-08083000 rw-p 00000000 00:00 0
085d0000-085f1000 rw-p 00000000 00:00 0          [heap]
b72d9000-b734d000 rw-p 00000000 00:00 0
b738b000-b7397000 r-xp 00000000 08:43 4861387    /usr/lib/gcc/i686-pc-linux-gnu/4.3.4/libgcc_s.so.1
b7397000-b7398000 r--p 0000b000 08:43 4861387    /usr/lib/gcc/i686-pc-linux-gnu/4.3.4/libgcc_s.so.1
b7398000-b7399000 rw-p 0000c000 08:43 4861387    /usr/lib/gcc/i686-pc-linux-gnu/4.3.4/libgcc_s.so.1
b73c1000-b73cb000 r-xp 00000000 08:43 6477056    /lib/libnss_files-2.10.1.so
b73cb000-b73cc000 r--p 00009000 08:43 6477056    /lib/libnss_files-2.10.1.so
b73cc000-b73cd000 rw-p 0000a000 08:43 6477056    /lib/libnss_files-2.10.1.so
b73cd000-b73d6000 r-xp 00000000 08:43 6477055    /lib/libnss_nis-2.10.1.so
b73d6000-b73d7000 r--p 00008000 08:43 6477055    /lib/libnss_nis-2.10.1.so
b73d7000-b73d8000 rw-p 00009000 08:43 6477055    /lib/libnss_nis-2.10.1.so
b73d8000-b73eb000 r-xp 00000000 08:43 6477065    /lib/libnsl-2.10.1.so
b73eb000-b73ec000 r--p 00012000 08:43 6477065    /lib/libnsl-2.10.1.so
b73ec000-b73ed000 rw-p 00013000 08:43 6477065    /lib/libnsl-2.10.1.so
b73ed000-b73ef000 rw-p 00000000 00:00 0
b73ef000-b73f5000 r-xp 00000000 08:43 6477087    /lib/libnss_compat-2.10.1.so
b73f5000-b73f6000 r--p 00006000 08:43 6477087    /lib/libnss_compat-2.10.1.so
b73f6000-b73f7000 rw-p 00007000 08:43 6477087    /lib/libnss_compat-2.10.1.so
b73f7000-b7559000 r--p 00000000 08:43 3587265    /usr/lib/locale/locale-archive
b7559000-b755a000 rw-p 00000000 00:00 0
b755a000-b769c000 r-xp 00000000 08:43 6475863    /lib/libc-2.10.1.so
b769c000-b769e000 r--p 00142000 08:43 6475863    /lib/libc-2.10.1.so
b769e000-b769f000 rw-p 00144000 08:43 6475863    /lib/libc-2.10.1.so
b769f000-b76a2000 rw-p 00000000 00:00 0
b76a2000-b76c7000 r-xp 00000000 08:43 8115783    /usr/lib/libmcrypt.so.4.4.8
b76c7000-b76c8000 r--p 00024000 08:43 8115783    /usr/lib/libmcrypt.so.4.4.8
b76c8000-b76ca000 rw-p 00025000 08:43 8115783    /usr/lib/libmcrypt.so.4.4.8
b76ca000-b76cf000 rw-p 00000000 00:00 0
b76cf000-b7712000 r-xp 00000000 08:43 793561     /usr/lib/libmhash.so.2.0.1
b7712000-b7713000 r--p 00042000 08:43 793561     /usr/lib/libmhash.so.2.0.1
b7713000-b7714000 rw-p 00043000 08:43 793561     /usr/lib/libmhash.so.2.0.1
b7714000-b7725000 r-xp 00000000 08:43 29553      /lib/libz.so.1.2.3
b7725000-b7726000 r--p 00010000 08:43 29553      /lib/libz.so.1.2.3
b7726000-b7727000 rw-p 00011000 08:43 29553      /lib/libz.so.1.2.3
b7727000-b7728000 rw-p 00000000 00:00 0
b7750000-b776c000 r-xp 00000000 08:43 6477080    /lib/ld-2.10.1.so
b776c000-b776d000 r--p 0001c000 08:43 6477080    /lib/ld-2.10.1.so
b776d000-b776e000 rw-p 0001d000 08:43 6477080    /lib/ld-2.10.1.so
bff2c000-bff34000 rw-p 00000000 00:00 0          [stack]
ffffe000-fffff000 r-xp 00000000 00:00 0          [vdso]
Neúspěšně ukončen (SIGABRT)
```

and with mcrypt-2.6.8 (unmasked) I get this

```
# mcrypt myfile.txt
Enter the passphrase (maximum of 512 characters)
Please use a combination of upper and lower case letters and numbers.
Enter passphrase:
Enter passphrase:
```

In both cases the libmcrypt version is 2.5.8-r1.

Is there something wrong with mcrypt or with the whole system? I've visited the http://mcrypt.sourceforge.net site but it seems rather inactive and I've found no clue there.

----------

## Hu

Based on that output, version 2.6.7 had a buffer overflow bug that was successfully trapped by security features in glibc.  The output you posted for 2.6.8 appears to be fine.  Did you mean that it never finishes?

Do you specifically need mcrypt for this task?  It is much more common to use gpg from app-crypt/gnupg.

----------
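The glibc trap mentioned above (the `__fortify_fail` frame in the 2.6.7 backtrace) can be reproduced in isolation. This is an added example, not code from mcrypt or from anyone in the thread; it assumes GCC or Clang on a glibc-based Linux system, and the function names `copy_passphrase` and `signal_from_copy` and the 16-byte buffer are made up for illustration.

```c
/* Added example: shows a glibc fortify check stopping an oversized copy. */
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Copy n bytes into a 16-byte stack buffer through the checked builtin that
 * _FORTIFY_SOURCE substitutes for memcpy(). The destination size is passed
 * explicitly, so the check is present even in an unoptimised build. */
__attribute__((noinline))
static int copy_passphrase(const char *src, size_t n)
{
    char buf[16];
    __builtin___memcpy_chk(buf, src, n, sizeof buf);
    return buf[0];
}

/* Run the copy in a child process and return the signal that killed it,
 * 0 if it exited normally, or -1 if fork/waitpid failed. */
int signal_from_copy(size_t n)
{
    static char input[64];              /* constructed input, larger than buf */
    memset(input, 'A', sizeof input);
    fflush(NULL);
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        volatile int sink = copy_passphrase(input, n);
        (void)sink;
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    printf("8 bytes  -> signal %d\n", signal_from_copy(8));
    printf("64 bytes -> signal %d (SIGABRT is %d)\n",
           signal_from_copy(64), SIGABRT);
    return 0;
}
```

The oversized copy is refused before any byte is written past `buf`: glibc prints `*** buffer overflow detected ***` and aborts the child, which is why the 2.6.7 run ends in SIGABRT rather than a silent stack corruption.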

## TomasV

*Hu wrote:*

> Based on that output, version 2.6.7 had a buffer overflow bug that was successfully trapped by security features in glibc.  The output you posted for 2.6.8 appears to be fine.  Did you mean that it never finishes?

Aaaaah, I haven't posted the complete 2.6.8 output! The last line says the command was terminated with signal 11 (which is a segfault). So it fails just like 2.6.7.

*Hu wrote:*

> Do you specifically need mcrypt for this task?  It is much more common to use gpg from app-crypt/gnupg.

Well, I used the mcrypt library some time ago (in PHP), so it was a natural choice. But I have no problem selecting a different solution (for now I've used ccrypt, but I'll look into gnupg - not sure why I didn't use it in the first place).

----------

