CVE-2008-4989 patch causes segfault with certain certificates and gnutls 2.4.x

Simon Josefsson simon at josefsson.org
Tue Jan 20 19:03:21 CET 2009


Axel Theilmann <at at pre-secure.de> writes:

> moin,
>
> I was debugging a segfault in an application that uses libprelude, which in
> turn uses gnutls. The system is openSUSE 11.1 with gnutls-2.4.1.
>
> The client application segfaulted upon connection to a server.
>
> After some fiddling, I found out that this segfault was caused by the
> CVE-2008-4989 patch
> http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217
> that was added by openSUSE to gnutls-2.4.1.
> Using a plain gnutls-2.4.1 worked fine. gnutls-2.6.3 worked fine as well.
>
> The segfault also happens just using gnutls-cli to connect, so it's not a
> problem of libprelude.
>
> I can provide a certificate and a server to reproduce this segfault, if
> anyone is interested.
>
>
> The segfault just seems to happen with certain server and CA certificates.
> Connecting to a regular https server worked fine.
>
> I don't know enough of gnutls internals to really figure out what the problem
> is, but it would be neat if this segfault could be fixed in 2.4.x. Since
> 2.6.3 does not segfault, there seems to be a way to fix the vulnerability
> without this segfault...

The code in 2.6.3 should work equally well on 2.4.x, and I
believe it will solve the problem with crashes.  So I suggest you ask
the openSUSE team to compare 2.6.0 with 2.6.3 and apply the relevant
patch.  Btw, 2.4.2 also contains a fix for another crash that may be
useful to apply.

/Simon
