[Pkg-gnutls-maint] Bug#386680: libgnutls13: SEGV in asn1_read_value

[Philipp Kern]

Package: libgnutls13
Severity: important
Version: 1.4.3-1

Hi there,

I just upgraded to libgnutls13 to 1.4.3-1 and got problems in
conjunction with libtasn1-3 0.3.5-2 and libldap2 2.1.30-13+b1.

I use LDAP for authentication and thus both sshd and sudo broke. (PAM
and NSS.)

See the following backtrace as an example:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1478748480 (LWP 22966)]
0xa7c21fad in asn1_read_value () from /usr/lib/libtasn1.so.3
(gdb) bt
#0  0xa7c21fad in asn1_read_value () from /usr/lib/libtasn1.so.3
#1  0xa7c74b9f in gnutls_x509_crt_check_issuer () from
/usr/lib/libgnutls.so.13
#2  0xa7c74d76 in _gnutls_x509_verify_signature ()
   from /usr/lib/libgnutls.so.13
#3  0xa7c755bf in gnutls_x509_crl_verify () from /usr/lib/libgnutls.so.13
#4  0xa7c75a87 in gnutls_x509_crt_list_verify () from
/usr/lib/libgnutls.so.13
#5  0xa7c5da88 in _gnutls_x509_cert_verify_peers ()
   from /usr/lib/libgnutls.so.13
#6  0xa7c509a5 in gnutls_certificate_verify_peers2 ()
   from /usr/lib/libgnutls.so.13
#7  0xa7c509d9 in gnutls_certificate_verify_peers ()
   from /usr/lib/libgnutls.so.13
#8  0xa7cf6438 in gnutls_SSL_shutdown () from /usr/lib/libldap_r.so.2
#9  0xa7cf5ba5 in ldap_int_tls_start () from /usr/lib/libldap_r.so.2
#10 0xa7cd515b in ldap_int_open_connection () from /usr/lib/libldap_r.so.2
#11 0xa7ce74f3 in ldap_new_connection () from /usr/lib/libldap_r.so.2
#12 0xa7cd4f51 in ldap_open_defconn () from /usr/lib/libldap_r.so.2
#13 0xa7ce7c68 in ldap_send_initial_request () from /usr/lib/libldap_r.so.2
#14 0xa7cdd999 in ldap_sasl_bind () from /usr/lib/libldap_r.so.2
#15 0xa7cdde34 in ldap_simple_bind () from /usr/lib/libldap_r.so.2

I am confident that this is an libgnutls13 issue, as the segfaults
started immediately after the upgrade.

Kind regards,
Philipp Kern