#3716, #3707: Fix native-cipher segfault when using musl libc

lax1dude 2024-08-08 18:19:20 +10:00 committed by md_5
parent c310e3339f
commit e49759025f
No known key found for this signature in database
GPG Key ID: E8E901AC7C617C11
4 changed files with 40 additions and 1 deletions


@ -2,8 +2,10 @@
set -eu set -eu
CWD=$(pwd)
echo "Compiling mbedtls" echo "Compiling mbedtls"
(cd mbedtls && make no_test) (cd mbedtls && CFLAGS="-fPIC -I$CWD/src/main/c -DMBEDTLS_USER_CONFIG_FILE='<mbedtls_custom_config.h>'" make no_test)
echo "Compiling zlib" echo "Compiling zlib"
(cd zlib && CFLAGS=-fPIC ./configure --static && make) (cd zlib && CFLAGS=-fPIC ./configure --static && make)
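Review bot: Passing `CFLAGS` on the `make no_test` line replaces whatever default the mbedtls makefile would otherwise choose. Upstream mbedtls makefiles use `CFLAGS ?= -O2` (worth confirming against the vendored copy), so the AES code may now be built without optimisation. Adding `-O2` to the string, as in `CFLAGS="-O2 -fPIC -I$CWD/src/main/c ..."`, would keep the previous code generation. `$CWD` is also expanded into a flag string that is split on whitespace again when the compiler is invoked, so a checkout path containing a space would break the `-I` argument.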


@ -5,11 +5,15 @@
#include "shared.h" #include "shared.h"
#include "net_md_5_bungee_jni_cipher_NativeCipherImpl.h" #include "net_md_5_bungee_jni_cipher_NativeCipherImpl.h"
// Hack to keep the compiler from optimizing the memset away
static void *(*const volatile memset_func)(void *, int, size_t) = memset;
typedef unsigned char byte; typedef unsigned char byte;
typedef struct crypto_context { typedef struct crypto_context {
int mode; int mode;
mbedtls_aes_context cipher; mbedtls_aes_context cipher;
int keyLen;
byte key[]; byte key[];
} crypto_context; } crypto_context;
@ -22,6 +26,7 @@ jlong JNICALL Java_net_md_15_bungee_jni_cipher_NativeCipherImpl_init(JNIEnv* env
return 0; return 0;
} }
crypto->keyLen = (int) keyLen;
(*env)->GetByteArrayRegion(env, key, 0, keyLen, (jbyte*) &crypto->key); (*env)->GetByteArrayRegion(env, key, 0, keyLen, (jbyte*) &crypto->key);
mbedtls_aes_init(&crypto->cipher); mbedtls_aes_init(&crypto->cipher);
@ -36,6 +41,7 @@ void Java_net_md_15_bungee_jni_cipher_NativeCipherImpl_free(JNIEnv* env, jobject
crypto_context *crypto = (crypto_context*) ctx; crypto_context *crypto = (crypto_context*) ctx;
mbedtls_aes_free(&crypto->cipher); mbedtls_aes_free(&crypto->cipher);
memset_func(crypto->key, 0, (size_t) crypto->keyLen);
free(crypto); free(crypto);
} }
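Review bot: The wipe length takes a round trip through `int`: the init hunk stores `crypto->keyLen = (int) keyLen;` and the free hunk casts it back with `(size_t) crypto->keyLen`. Declaring the field as `size_t keyLen;` and storing `crypto->keyLen = (size_t) keyLen;` would keep the length in the type the wipe takes and remove the cast at the `memset_func` call. Both functions begin outside their hunks, so the type and range of the `keyLen` parameter and the allocation that sizes `key[]` cannot be confirmed here. The comment on `memset_func` could also say why it works, for example `// volatile pointer: the compiler must reload it and cannot prove the target is memset, so the wipe before free() is not dropped as a dead store`.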


@ -0,0 +1,31 @@
// This is a hack to deal with a glitch that happens when mbedtls is compiled against glibc
// but then run on a linux distro that uses musl libc. This implementation of the zeroize
// is compatible with both glibc and musl without requiring the library to be recompiled.
// I checked with a disassembler and for BungeeCord's usage of the library, implementing
// this function as a static function only resulted in 2 different subroutines referencing
// different versions of memset_func, so we might as well keep things simple and use a
// static function here instead of requiring the mbedtls makefile to be modified to add
// additional source files.
#ifndef _INCLUDE_MBEDTLS_CUSTOM_CONFIG_H
#define _INCLUDE_MBEDTLS_CUSTOM_CONFIG_H
#include <string.h>
#define MBEDTLS_PLATFORM_ZEROIZE_ALT
#define mbedtls_platform_zeroize mbedtls_platform_zeroize_impl
// hack to prevent compilers from optimizing the memset away
static void *(*const volatile memset_func)(void *, int, size_t) = memset;
static void mbedtls_platform_zeroize_impl(void *buf, size_t len) {
if (len > 0) {
memset_func(buf, 0, len);
}
}
#endif // _INCLUDE_MBEDTLS_CUSTOM_CONFIG_H
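Review bot: The include guard `_INCLUDE_MBEDTLS_CUSTOM_CONFIG_H` starts with an underscore followed by an uppercase letter, which C reserves for the implementation; `MBEDTLS_CUSTOM_CONFIG_H` would do. The header also defines a file-scope `memset_func` with the same name and type as the one this commit adds to the native cipher source. If that source were ever compiled with `MBEDTLS_USER_CONFIG_FILE` pointing at this header, the two initialised definitions would clash, so a prefixed name such as `mbedtls_zeroize_memset_func` is safer. The opening comment calls the musl failure "a glitch"; naming the call that faults would tell a maintainer when this override can be removed.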