CVE-2008-4989 patch causes segfault with certain certificates and gnutls 2.4.x

Axel Theilmann at at pre-secure.de
Mon Jan 19 21:38:11 CET 2009


moin,

i was debugging a segfault in an application that uses libprelude which in
turn uses gnutls. the system is opensuse 11.1 with gnutls-2.4.1.

the client application segfaulted upon connection to a server.

after some fiddling, i found out that this segfault was caused by the
CVE-2008-4989 patch
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217
that was added by opensuse to gnutls-2.4.1
using a plain gnutls-2.4.1 worked fine. gnutls-2.6.3 worked fine as well.

the segfault also happens just using gnutls-cli to connect so its not a
problem of libprelude.

i can provide a certificate and a server to reproduce this segfault, if
anyone is interested.


the segfault just seems to happen with certain server- and ca-certificates.
connecting to a regular https-server worked fine.

i dont know enough of gnutls-internals to really figure out what the problem
is, but it would be neat if this segfault could be fixed in 2.4.x. since
2.6.3 does not segfault, there seems to be a way to fix the vulnerability
without this segfault...


tty, axel


-- 
Dipl.-Inform. Axel Theilmann                   at at pre-secure.de
Senior Researcher               Phone (+49) 040 / 8080 77 - 880
                                Fax   (+49) 040 / 8080 77 - 877

PRESECURE Consulting GmbH, Muenster        AG Münster, HRB 6581
Geschäftsführer/Managing Director   Dr. Klaus-Peter Kossakowski

                            CarmentiS - Early Warning Expertise
                                      https://www.carmentis.org


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090119/45fc197c/attachment.pgp>


More information about the Gnutls-devel mailing list