Bug#844061: libgnutls30: gnutls-cli-debug segfaults after checking for inappropriate fallback (RFC7507) support

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Nov 12 06:28:24 UTC 2016


Package: libgnutls30
Version: 3.5.6-2
Severity: normal

I get a segfault from:

   gnutls-cli-debug --port 853 dns.cmrg.net

Below is a backtrace from the version in testing (3.5.5-6) which also
segfaults (the -dbgsym package doesn't appear to be available in
unstable yet):

(gdb) run --port 853 dns.cmrg.net
Starting program: /usr/bin/gnutls-cli-debug --port 853 dns.cmrg.net
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Warning: getservbyport(853) failed. Using port number as service.
GnuTLS debug client 3.5.5
Checking dns.cmrg.net:853
                             for SSL 3.0 (RFC6101) support... no
                        whether we need to disable TLS 1.2... no
                        whether we need to disable TLS 1.1... no
                        whether we need to disable TLS 1.0... no
                        whether %NO_EXTENSIONS is required... no
                               whether %COMPAT is required... no
                             for TLS 1.0 (RFC2246) support... yes
                             for TLS 1.1 (RFC4346) support... yes
                             for TLS 1.2 (RFC5246) support... yes
                                  fallback from TLS 1.6 to... TLS1.2
              for inappropriate fallback (RFC7507) support... yes

Program received signal SIGSEGV, Segmentation fault.
copy_record_version (version=0x555555790a5c "\003\002", htype=4294967295, 
    session=0x55555578d370) at record.c:370
370	record.c: No such file or directory.
(gdb) bt
#0  copy_record_version (version=0x555555790a5c "\003\002", htype=4294967295, 
    session=0x55555578d370) at record.c:370
#1  _gnutls_send_tlen_int (session=session@entry=0x55555578d370, 
    type=type@entry=GNUTLS_ALERT, htype=htype@entry=4294967295, 
    epoch_rel=epoch_rel@entry=70001, _data=_data@entry=0x7fffffffe340, 
    data_size=data_size@entry=2, min_pad=0, mflags=1) at record.c:496
#2  0x00007ffff7ac7c28 in _gnutls_send_int (mflags=1, data_size=2, 
    _data=0x7fffffffe340, epoch_rel=70001, htype=4294967295, 
    type=GNUTLS_ALERT, session=0x55555578d370) at ./record.h:43
#3  gnutls_alert_send (session=session@entry=0x55555578d370, 
    level=level@entry=GNUTLS_AL_WARNING, desc=desc@entry=GNUTLS_A_CLOSE_NOTIFY)
    at alert.c:165
#4  0x00007ffff7aa583c in gnutls_bye (session=0x55555578d370, 
    how=GNUTLS_SHUT_WR) at record.c:297
#5  0x000055555555efae in ?? ()
#6  0x000055555555a5d1 in ?? ()
#7  0x00007ffff72a42b1 in __libc_start_main (main=0x55555555a230, argc=4, 
    argv=0x7fffffffe5f8, init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=0x7fffffffe5e8)
    at ../csu/libc-start.c:291
#8  0x000055555555a7ba in ?? ()
(gdb) 

I operate dns.cmrg.net: Please feel free to test connections against
it :)

   --dkg


-- System Information:
Debian Release: stretch/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libgnutls30 depends on:
ii  libc6        2.24-5
ii  libgmp10     2:6.1.1+dfsg-1
ii  libhogweed4  3.3-1
ii  libidn11     1.33-1
ii  libnettle6   3.3-1
ii  libp11-kit0  0.23.2-5
ii  libtasn1-6   4.9-4
ii  zlib1g       1:1.2.8.dfsg-2+b3

libgnutls30 recommends no packages.

Versions of packages libgnutls30 suggests:
ii  gnutls-bin  3.5.6-2

-- no debconf information


