pyca / cryptography

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.
https://cryptography.io

`tests/hazmat/primitives/test_pkcs7.py::TestPKCS7SignatureBuilder::test_sign_byteslike` crashes: unsafe precondition(s) violated: slice::from_raw_parts requires the pointer to be aligned and non-null, and the total size of the slice not to exceed `isize::MAX` #11319

Closed mgorny closed 2 months ago

mgorny commented 2 months ago

Reproduced with Python 3.12.4 (but also PyPy3.10 7.3.16 and Python 3.10.14), on top of 0e175c7505ee9ede94c0b914727f0b0cde6a5769 and 43.0.0 release, on Gentoo Linux amd64. rustc 1.79.0 (129f3b996 2024-06-10) (gentoo)

To reproduce:

pip install -v -e '.[test]' -Cbuild-args=--profile=dev
export RUST_BACKTRACE=1
python -m pytest -vv -s tests/hazmat/primitives/test_pkcs7.py::TestPKCS7SignatureBuilder::test_sign_byteslike

The output:

========================================================= test session starts =========================================================
platform linux -- Python 3.12.4, pytest-8.3.1, pluggy-1.5.0 -- /tmp/cryptography/.venv/bin/python
cachedir: .pytest_cache
benchmark: 4.0.0 (defaults: timer=time.perf_counter disable_gc=False min_rounds=5 min_time=0.000005 max_time=1.0 calibration_precision=10 warmup=False warmup_iterations=100000)
OpenSSL: OpenSSL 3.3.1 4 Jun 2024
FIPS Enabled: False
rootdir: /tmp/cryptography
configfile: pyproject.toml
plugins: xdist-3.6.1, cov-5.0.0, benchmark-4.0.0
collected 1 item                                                                                                                      

tests/hazmat/primitives/test_pkcs7.py::TestPKCS7SignatureBuilder::test_sign_byteslike thread '<unnamed>' panicked at library/core/src/panicking.rs:220:5:
unsafe precondition(s) violated: slice::from_raw_parts requires the pointer to be aligned and non-null, and the total size of the slice not to exceed `isize::MAX`
stack backtrace:
   0: rust_begin_unwind
   1: core::panicking::panic_nounwind_fmt
   2: core::panicking::panic_nounwind
   3: core::slice::raw::from_raw_parts::precondition_check
             at /rustc/129f3b9964af4d4a709d1383930ade12dfe7c081/library/core/src/ub_checks.rs:66:21
   4: core::slice::raw::from_raw_parts
             at /rustc/129f3b9964af4d4a709d1383930ade12dfe7c081/library/core/src/ub_checks.rs:73:17
   5: openssl::bio::MemBio::get_buf
             at /home/mgorny/.cargo/registry/src/index.crates.io-6f17d22bba15001f/openssl-0.10.65/src/bio.rs:66:13
   6: openssl::pkcs7::Pkcs7::from_smime
             at /home/mgorny/.cargo/registry/src/index.crates.io-6f17d22bba15001f/openssl-0.10.65/src/pkcs7.rs:117:22
   7: cryptography_rust::test_support::pkcs7_verify
             at ./src/rust/src/test_support.rs:77:9
   8: cryptography_rust::test_support::__pyfunction_pkcs7_verify
             at ./src/rust/src/test_support.rs:62:1
   9: pyo3::impl_::trampoline::cfunction_with_keywords::{{closure}}
             at /home/mgorny/.cargo/registry/src/index.crates.io-6f17d22bba15001f/pyo3-0.22.2/src/impl_/trampoline.rs:44:29
  10: pyo3::impl_::trampoline::trampoline::{{closure}}
             at /home/mgorny/.cargo/registry/src/index.crates.io-6f17d22bba15001f/pyo3-0.22.2/src/impl_/trampoline.rs:188:54
  11: std::panicking::try::do_call
             at /rustc/129f3b9964af4d4a709d1383930ade12dfe7c081/library/std/src/panicking.rs:559:40
  12: __rust_try
  13: std::panicking::try
             at /rustc/129f3b9964af4d4a709d1383930ade12dfe7c081/library/std/src/panicking.rs:523:19
  14: std::panic::catch_unwind
             at /rustc/129f3b9964af4d4a709d1383930ade12dfe7c081/library/std/src/panic.rs:149:14
  15: pyo3::impl_::trampoline::trampoline
             at /home/mgorny/.cargo/registry/src/index.crates.io-6f17d22bba15001f/pyo3-0.22.2/src/impl_/trampoline.rs:188:9
  16: pyo3::impl_::trampoline::cfunction_with_keywords
             at /home/mgorny/.cargo/registry/src/index.crates.io-6f17d22bba15001f/pyo3-0.22.2/src/impl_/trampoline.rs:44:13
  17: cryptography_rust::test_support::<impl cryptography_rust::test_support::pkcs7_verify::MakeDef>::_PYO3_DEF::trampoline
             at ./src/rust/src/test_support.rs:62:1
  18: <unknown>
  19: _PyObject_MakeTpCall
  20: _PyEval_EvalFrameDefault
  21: <unknown>
  22: <unknown>
  23: _PyEval_EvalFrameDefault
  24: _PyObject_FastCallDictTstate
  25: _PyObject_Call_Prepend
  26: <unknown>
  27: _PyObject_MakeTpCall
  28: _PyEval_EvalFrameDefault
  29: _PyObject_FastCallDictTstate
  30: _PyObject_Call_Prepend
  31: <unknown>
  32: _PyObject_Call
  33: _PyEval_EvalFrameDefault
  34: _PyObject_FastCallDictTstate
  35: _PyObject_Call_Prepend
  36: <unknown>
  37: _PyObject_MakeTpCall
  38: _PyEval_EvalFrameDefault
  39: _PyObject_FastCallDictTstate
  40: _PyObject_Call_Prepend
  41: <unknown>
  42: _PyObject_MakeTpCall
  43: _PyEval_EvalFrameDefault
  44: _PyObject_FastCallDictTstate
  45: _PyObject_Call_Prepend
  46: <unknown>
  47: _PyObject_MakeTpCall
  48: _PyEval_EvalFrameDefault
  49: PyEval_EvalCode
  50: <unknown>
  51: <unknown>
  52: PyObject_Vectorcall
  53: _PyEval_EvalFrameDefault
  54: <unknown>
  55: Py_RunMain
  56: Py_BytesMain
  57: <unknown>
  58: __libc_start_main
  59: _start
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
thread caused non-unwinding panic. aborting.
Fatal Python error: Aborted

Current thread 0x00007f30a6fae740 (most recent call first):
  File "/tmp/cryptography/tests/hazmat/primitives/test_pkcs7.py", line 312 in test_sign_byteslike
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/_pytest/python.py", line 159 in pytest_pyfunc_call
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/pluggy/_callers.py", line 103 in _multicall
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/pluggy/_manager.py", line 120 in _hookexec
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/pluggy/_hooks.py", line 513 in __call__
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/_pytest/python.py", line 1627 in runtest
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/_pytest/runner.py", line 174 in pytest_runtest_call
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/pluggy/_callers.py", line 103 in _multicall
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/pluggy/_manager.py", line 120 in _hookexec
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/pluggy/_hooks.py", line 513 in __call__
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/_pytest/runner.py", line 242 in <lambda>
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/_pytest/runner.py", line 341 in from_call
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/_pytest/runner.py", line 241 in call_and_report
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/_pytest/runner.py", line 132 in runtestprotocol
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/_pytest/runner.py", line 113 in pytest_runtest_protocol
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/pluggy/_callers.py", line 103 in _multicall
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/pluggy/_manager.py", line 120 in _hookexec
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/pluggy/_hooks.py", line 513 in __call__
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/_pytest/main.py", line 362 in pytest_runtestloop
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/pluggy/_callers.py", line 103 in _multicall
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/pluggy/_manager.py", line 120 in _hookexec
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/pluggy/_hooks.py", line 513 in __call__
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/_pytest/main.py", line 337 in _main
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/_pytest/main.py", line 283 in wrap_session
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/_pytest/main.py", line 330 in pytest_cmdline_main
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/pluggy/_callers.py", line 103 in _multicall
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/pluggy/_manager.py", line 120 in _hookexec
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/pluggy/_hooks.py", line 513 in __call__
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/_pytest/config/__init__.py", line 175 in main
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/_pytest/config/__init__.py", line 201 in console_main
  File "/tmp/cryptography/.venv/lib/python3.12/site-packages/pytest/__main__.py", line 9 in <module>
  File "<frozen runpy>", line 88 in _run_code
  File "<frozen runpy>", line 198 in _run_module_as_main

Extension modules: _cffi_backend (total: 1)
Aborted (core dumped)

alex commented 2 months ago

Thanks. I'm able to verify, it's an issue in rust-openssl, so I'll send a PR to fix there momentarily.

alex commented 2 months ago

https://github.com/sfackler/rust-openssl/pull/2266
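
The precondition that the backtrace shows failing under `openssl::bio::MemBio::get_buf`, as an added example that is not part of this thread and is not rust-openssl's code. It assumes a C-style getter that reports an empty buffer as a null pointer with length 0; `RawBuf`, `raw_get_data` and both wrappers are hypothetical names.

```rust
use std::{ptr, slice};

/// Constructed stand-in for a C-owned memory buffer (hypothetical, not an OpenSSL type).
struct RawBuf {
    data: *const u8,
    len: isize,
}

/// Hypothetical C-style getter: stores the data pointer in `out`, returns the length.
/// Assumption: an empty buffer is reported as (NULL, 0).
fn raw_get_data(buf: &RawBuf, out: &mut *const u8) -> isize {
    *out = buf.data;
    buf.len
}

/// Unchecked wrapper: unsound for (NULL, 0), because slice::from_raw_parts
/// requires a non-null, aligned pointer even when the length is 0.
/// With debug assertions enabled this aborts with the panic quoted in the
/// report; without them it is undefined behaviour. Never called in this example.
#[allow(dead_code)]
fn get_buf_unchecked(buf: &RawBuf) -> &[u8] {
    let mut p: *const u8 = ptr::null();
    let len = raw_get_data(buf, &mut p);
    unsafe { slice::from_raw_parts(p, len as usize) }
}

/// Checked wrapper: validate pointer and length before building the slice.
fn get_buf_checked(buf: &RawBuf) -> &[u8] {
    let mut p: *const u8 = ptr::null();
    let len = raw_get_data(buf, &mut p);
    if p.is_null() || len <= 0 {
        // Empty buffer or error return: hand back a valid empty slice instead.
        return &[];
    }
    // SAFETY: p is non-null, u8 has alignment 1, and len is positive and fits in isize.
    unsafe { slice::from_raw_parts(p, len as usize) }
}

fn main() {
    let backing = b"MIME-Version: 1.0"; // constructed sample bytes
    let full = RawBuf { data: backing.as_ptr(), len: backing.len() as isize };
    let empty = RawBuf { data: ptr::null(), len: 0 };
    println!("full:  {} bytes", get_buf_checked(&full).len());
    println!("empty: {} bytes", get_buf_checked(&empty).len());
}
```
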

reaperhulk commented 2 months ago

This issue is only reachable via tests so we're not going to issue a new release at the moment, but thank you very much for catching this @mgorny! We're also adding a new build to our CI matrix to catch this type of issue in the future and I'll send a backport momentarily so that when we do ship 43.0.1 the fix will be there 😄

mgorny commented 2 months ago

Thanks!