CVE-2008-4989 patch causes segfault with certain certificates and gnutls 2.4.x
simon at josefsson.org
Tue Jan 20 19:03:21 CET 2009
Axel Theilmann <at at pre-secure.de> writes:
> I was debugging a segfault in an application that uses libprelude which in
> turn uses gnutls. The system is openSUSE 11.1 with gnutls-2.4.1.
> The client application segfaulted upon connection to a server.
> After some fiddling, I found out that this segfault was caused by the
> CVE-2008-4989 patch that was added by openSUSE to gnutls-2.4.1.
> Using a plain gnutls-2.4.1 worked fine. gnutls-2.6.3 worked fine as well.
> The segfault also happens just using gnutls-cli to connect, so it's not a
> problem of libprelude.
> I can provide a certificate and a server to reproduce this segfault, if
> anyone is interested.
> The segfault just seems to happen with certain server and CA certificates.
> Connecting to a regular https server worked fine.
> I don't know enough of gnutls internals to really figure out what the problem
> is, but it would be neat if this segfault could be fixed in 2.4.x. Since
> 2.6.3 does not segfault, there seems to be a way to fix the vulnerability
> without this segfault...
The code in 2.6.3 should work equally well with 2.4.x, and I
believe it will solve the problem with crashes. So I suggest you ask
the openSUSE team to compare 2.6.0 with 2.6.3 and apply the relevant
patch. Btw, 2.4.2 also contains a fix for another crash that may be
useful to apply.