Bug#505279: libgnutls26: segfault in _gnutls_x509_crt_get_raw_dn2
Michael Meskes
meskes at debian.org
Wed Nov 12 10:01:38 UTC 2008
On Tue, Nov 11, 2008 at 04:55:57PM +0100, Simon Josefsson wrote:
> I think we have identified the problem, see:
>
> http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3216/focus=3230
>
> That patch at least solves the vulnerability and the crash, so possibly
> it could be uploaded to debian to avoid further troubles until we have
> released a 2.6.2 with a good fix.
You mean just removing this code snippet instead of moving it?

    /* Check if the last certificate in the path is self signed.
     * In that case ignore it (a certificate is trusted only if it
     * leads to a trusted party by us, not the server's).
     */
    if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
                                      certificate_list[clist_size - 1]) > 0
        && clist_size > 0)
      {
        clist_size--;
      }

Yes, this works. However, I wonder whether this code has any use. If so,
wouldn't it help to just use "clist_size > 1" instead of "clist_size > 0"? The
> 0 test is bogus if you access clist_size - 1 afterwards, but with the > 1
test it works for me as well, i.e. no segfault anymore.
Michael
--
Michael Meskes
Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org)
Michael at BorussiaFan dot De, Meskes at (Debian|Postgresql) dot Org
ICQ: 179140304, AIM/Yahoo: michaelmeskes, Jabber: meskes at jabber.org
Go VfL Borussia! Go SF 49ers! Use Debian GNU/Linux! Use PostgreSQL!
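
Added example, not part of the original message and not GnuTLS code: a toy C model of the size check discussed above. It shows that with "> 0" a list holding one self-signed certificate shrinks to length 0, so a later clist_size - 1 index is -1, while "> 1" leaves the length at 1. The toy_cert struct, the name comparison and the sample chains are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a parsed certificate: only the two names. */
struct toy_cert { const char *subject; const char *issuer; };

/* Toy self-signed test (assumption): issuer name equals subject name. */
static int toy_is_self_issued(const struct toy_cert *c)
{
    return strcmp(c->subject, c->issuer) == 0;
}

/* Size test "> 0". It is evaluated first here so that the model itself
 * never reads index -1; the resulting length is what matters. */
static int strip_tail_gt0(const struct toy_cert *list, int clist_size)
{
    if (clist_size > 0 && toy_is_self_issued(&list[clist_size - 1]))
        clist_size--;
    return clist_size;
}

/* Size test "> 1", also evaluated before the element is read. */
static int strip_tail_gt1(const struct toy_cert *list, int clist_size)
{
    if (clist_size > 1 && toy_is_self_issued(&list[clist_size - 1]))
        clist_size--;
    return clist_size;
}

/* Index a later list[clist_size - 1] access would use; -1 is out of bounds. */
static int last_index(int clist_size) { return clist_size - 1; }

/* Constructed sample chains. */
static const struct toy_cert lone_self_signed[] = {
    { "CN=example-root", "CN=example-root" },
};
static const struct toy_cert chain_with_root[] = {
    { "CN=example-host", "CN=example-root" },
    { "CN=example-root", "CN=example-root" },
};

int main(void)
{
    int a = strip_tail_gt0(lone_self_signed, 1);
    int b = strip_tail_gt1(lone_self_signed, 1);
    printf("lone cert, > 0: size %d, last index %d\n", a, last_index(a));
    printf("lone cert, > 1: size %d, last index %d\n", b, last_index(b));
    printf("two certs, > 1: size %d\n", strip_tail_gt1(chain_with_root, 2));
    return 0;
}
```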