some crashes on using DSA keys
Simon Josefsson
simon at josefsson.org
Mon Apr 20 21:52:16 CEST 2009
Miroslav Kratochvil <exa.exa at gmail.com> writes:
>> Please see if you can make an unmodified 2.6.5 server crash.
>
> OK, after some amount of effort the server stays impenetrable, so this
> doesn't seem as any source of attacks. (I also tried modified client
> that pushes the bad DSA keys.)
>
> Still, it would be nice if anyone could confirm this with (possibly)
> some more research, as I'm not very skilled at it.

There are certainly double-frees going on in pk-libgcrypt.c, and it
would be useful to see which can be exploited. I'm looking at the code
now.

The minimal way to reproduce it is with:

  gnutls-serv --x509dsakeyfile ssl.key --x509dsacertfile ssl.crt
  gnutls-cli localhost -p 5556

Using the ssl.key/ssl.crt file from your earlier e-mail.

/Simon