some crashes on using DSA keys

Simon Josefsson simon at
Mon Apr 20 21:52:16 CEST 2009

Miroslav Kratochvil <exa.exa at> writes:

>> Please see if you can make an unmodified 2.6.5 server crash.
> OK, after some amount of effort the server stays impenetrable, so this
> doesn't seem to be any source of attacks. (I also tried a modified client
> that pushes the bad DSA keys.)
> Still, it would be nice if anyone could confirm this with (possibly)
> some more research, as I'm not very skilled at it.

There are certainly double frees going on in pk-libgcrypt.c, and it
would be useful to see which can be exploited.  I'm looking at the code

The minimal way to reproduce it is with:

gnutls-serv --x509dsakeyfile ssl.key --x509dsacertfile ssl.crt 
gnutls-cli localhost -p 5556

Using the ssl.key/ssl.crt file from your earlier e-mail.

