Bug#499945: Segfault in asn1_get_tag_der().

Fri Sep 26 17:41:46 UTC 2008

On 2008-09-23 Kurt Roeckx <kurt at roeckx.be> wrote:
> Package: libtasn1-3
> Version: 1.4-1
> Severity: grave

> Hi,

> When I run "lynx https://acrobat.com", I end up with a segfault.  The
> backtrace looks like:

FWIW lynx+gnutls+tasn all built with -O0 gives a tiny bit of
additional info:

Program received signal SIGSEGV, Segmentation fault.
0x00007fc5fe8f0df7 in asn1_get_tag_der (
    der=0x700000000000046 <Address 0x700000000000046 out of bounds>, 
    der_len=33, cls=0x7fff07e49f07 "", len=0x7fff07e49f14, tag=0x7fff07e49f08)
    at decoding.c:127
127       *cls = der[0] & 0xE0;
(gdb) bt
#0  0x00007fc5fe8f0df7 in asn1_get_tag_der (
    der=0x700000000000046 <Address 0x700000000000046 out of bounds>, 
    der_len=33, cls=0x7fff07e49f07 "", len=0x7fff07e49f14, tag=0x7fff07e49f08)
    at decoding.c:127
#1  0x00007fc5fe8f164e in _asn1_extract_tag_der (node=0x247aba0, 
    der=0x700000000000046 <Address 0x700000000000046 out of bounds>, 
    der_len=33, ret_len=0x7fff07e49f9c) at decoding.c:424
#2  0x00007fc5fe8f22df in asn1_der_decoding (element=0x2448fd0, 
    ider=0x700000000000046, len=33, errorDescription=0x0) at decoding.c:920
#3  0x00007fc5ff566a0f in gnutls_x509_crt_import (cert=0x2448fd0, 
    data=0x2435180, format=GNUTLS_X509_FMT_DER) at x509.c:213
#4  0x0000000000494e0c in ExtractCertificate ()
#5  0x0000000000494fd4 in X509_get_issuer_name ()
#6  0x000000000049e3d1 in HTLoadHTTP ()
#7  0x000000000049ce45 in HTLoadDocument ()
#8  0x0000000000429c27 in getfile ()
#9  0x0000000000433de7 in mainloop ()
#10 0x000000000042e323 in main ()
gdb) frame 3
#3  0x00007fc5ff566a0f in gnutls_x509_crt_import (cert=0x2448fd0, 
    data=0x2435180, format=GNUTLS_X509_FMT_DER) at x509.c:213
213       result = asn1_der_decoding (&cert->cert, _data.data, _data.size, NULL);
(gdb) p data
$4 = (const gnutls_datum_t *) 0x2435180
(gdb) p *data
$5 = {data = 0x700000000000046 <Address 0x700000000000046 out of bounds>, 
  size = 33}

cu andreas