Simon Josefsson simon at
Wed Sep 17 13:30:55 CEST 2008

Werner Koch <wk at> writes:

> Hi,
> A quick grep shows:

Thanks, fixed:;a=commitdiff;h=e8cffa0e953fc4961a0d3b5575f175b2201d791c

I went through the problems in libgnutls to look for exploitability:

> lib/auth_cert.c: 
>     gnutls_calloc (1, sizeof (gnutls_datum_t) * ncerts);

This allocates a copy of something that is already allocated, so I don't
think that can overflow.

> lib/gnutls_cert.c: 
>     *alg = gnutls_calloc (1, sizeof (gnutls_kx_algorithm_t) * i);

This would overflow if the other end sent a very large number of
certificates.  The certificates are checked for appropriate key usage to
increment the counter, so they would have to be at least somewhat
correct certificates.  Sending that many certificates seems difficult to
use to overflow the counter.  gnutls_kx_algorithm_t is an int, so this
amounts to 2^30 certificates, which would run into the handshake size
limit much earlier.

> lib/gnutls_session_pack.c:
>     gnutls_calloc (1, sizeof (gnutls_datum_t) * info->ncerts);

This unpacks user-supplied data.  If the data were corrupt, it could
overflow.  However, if an attacker could influence this data, all the
security is gone anyway since it contains master secret keys.


More information about the Gnutls-devel mailing list