GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]

Simon Josefsson simon at josefsson.org
Mon May 19 20:58:16 CEST 2008 

Andreas Metzler <ametzler at downhill.at.eu.org> writes:

> On 2008-05-19 Simon Josefsson <simon at josefsson.org> wrote:
>> Andreas Metzler <ametzler at downhill.at.eu.org> writes:
>> > The fix for this one (gnutls_cipher.c) breaks clean end of session:
>
>> Sigh!  If you add -d 4711 what does it say?  I'm trying to reproduce
>> this now.
>
> Hello,
>
> I am attaching logs for both 2.2.3 and 2.2.4 for easy comparison.

Thanks!

> |<7>| RB: Have 5 bytes into buffer. Adding 32 bytes.
> |<7>| RB: Requested 37 bytes
> |<4>| REC[8073cb8]: Short record length 32 < 16 + 20 (under attack?)
> |<2>| ASSERT: gnutls_cipher.c:461
> |<2>| ASSERT: gnutls_record.c:999

Ok, the debug message printing check was incorrect.  Sigh...

The patch below still catch the exploit but works with a proper server
that sends a short reply.  Can you test this?

Thanks,
/Simon

diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index f071710..e16ad1f 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -453,15 +453,6 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
       return GNUTLS_E_INTERNAL_ERROR;
     }
 
-  if (ciphertext.size < (unsigned) blocksize + hash_size)
-    {
-      _gnutls_record_log
-	("REC[%x]: Short record length %d < %d + %d (under attack?)\n",
-	 session, ciphertext.size, blocksize, hash_size);
-      gnutls_assert ();
-      return GNUTLS_E_DECRYPTION_FAILED;
-    }
-
   /* actual decryption (inplace)
    */
   switch (_gnutls_cipher_is_block
@@ -515,6 +506,9 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
       if ((int)pad > (int)ciphertext.size - hash_size)
 	{
 	  gnutls_assert ();
+	  _gnutls_record_log
+	    ("REC[%x]: Short record length %d > %d - %d (under attack?)\n",
+	     session, pad, ciphertext.size, hash_size);
 	  /* We do not fail here. We check below for the
 	   * the pad_failed. If zero means success.
 	   */
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 419 bytes
Desc: not available
URL: </pipermail/attachments/20080519/d1b6bff7/attachment.pgp>

More information about the Gnutls-devel mailing list