Bug#638595: WWWOFFLE HTTPS now unusable

Andreas Metzler ametzler at downhill.at.eu.org
Sat Aug 27 14:53:40 CEST 2011


On 2011-08-25 "Andrew M. Bishop" <amb at gedanken.demon.co.uk> wrote:
[...]
> A better test is to do the following against your running WWWOFFLE
> server (you don't need to be online):

> lynx -dump https://localhost:8443/

ok. That makes it reproducible.
gnutls-cli or openssl s_client -connect 127.0.0.1:8443 also does the
trick.

[...]
> I can run WWWOFFLE under gdb to demonstrate the crash like this (while
> wwwoffled is running I run the lynx command above):

> # gdb /home/amb/wwwoffle-2.9g/src/wwwoffled
[...]

Throwing in a slightly more readable backtrace (against gnutls
2.12.7):
----------------------------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xf7d036c0 (LWP 24626)]
_gcry_mpi_normalize (a=0x0) at mpi-bit.c:60
60      mpi-bit.c: No such file or directory.
        in mpi-bit.c
(gdb) bt
#0  _gcry_mpi_normalize (a=0x0) at mpi-bit.c:60
#1  0xf7d87e7a in _gcry_mpi_get_nbits (a=0x0) at mpi-bit.c:78
#2  0xf7d3c93b in gcry_mpi_get_nbits (a=0x0) at visibility.c:421
#3  0xf7f9d4eb in wrap_gcry_mpi_get_nbits (a=0x0) at mpi.c:131
#4  0xf7f2888a in _gnutls_pkcs1_rsa_decrypt (plaintext=0xffffd2b0, 
    ciphertext=0xffffd2b8, params=0x810fb10, params_len=0, btype=2)
    at gnutls_pk.c:223
#5  0xf7f4000b in gnutls_privkey_decrypt_data (key=0x8111ed0, flags=0, 
    ciphertext=0xffffd2b8, plaintext=0xffffd2b0) at gnutls_privkey.c:614
#6  0xf7f2481e in proc_rsa_client_kx (session=0x8110490, data=0x810fbb8 "", 
    _data_size=66) at auth_rsa.c:180
#7  0xf7f1d1f1 in _gnutls_recv_client_kx_message (session=0x8110490)
    at gnutls_kx.c:456
#8  0xf7f19076 in _gnutls_handshake_server (session=0x8110490)
    at gnutls_handshake.c:3059
#9  0xf7f1995f in gnutls_handshake (session=0x8110490)
    at gnutls_handshake.c:2677
#10 0x080875e3 in io_init_gnutls (fd=0, host=0x80fc580 "localhost", type=1)
    at iognutls.c:160
#11 0x080853ab in configure_io_gnutls (fd=0, host=0x80fc580 "localhost", 
    type=1) at io.c:376
#12 0x0804e863 in wwwoffles (online=0, fetching=0, client=0) at wwwoffles.c:174
#13 0x080641ad in ForkServer (fd=0) at connect.c:501
#14 0x0804ca55 in main (argc=5, argv=0xffffd884) at wwwoffled.c:649
----------------------------------

Downgrading libgnutls26 to 2.10.5 fixes the issue.

I have tried to bisect this, but neither GnuTLS master nor
gnutls_2_12_x is bisectable: the tree does not build for a long
time, from August 2009 to May 2010 (after
9c8631c68a728584b46b7d2ceff2e872ae8a59dd and before
743dedcddb41d9a29a0e92fa85a24a5c270d5f01).

Making wwwoffle generate/use v3 certs or using Gnutls 3.0 does not
improve things.

cu andreas

[ Full quote, since I am Cc-ing bug-gnutls at gnu.org]
> This is with a vanilla wwwoffle 2.9g - unmodified since released.

> If you look at the WWWOFFLE code you will see that I am paranoid about
> a problem with gnutls and I check the return value from every gnutls
> function that is called before trying the handshake.


> Another way to view the problem is to look at the libgnutls functions
> that WWWOFFLE calls:

> # ltrace -l /usr/lib/i386-linux-gnu/libgnutls.so \
>   /home/amb/wwwoffle-2.9g/src/wwwoffled -c /etc/wwwoffle/wwwoffle.conf -f

> gnutls_global_init(0x810cf18, 0x80f01a4, 0x80f030e, 0xbf9e56c8, 88) = 0
> gnutls_x509_privkey_init(0xbf9e568c, 0xbf9e5284, 1024, 0xb78b0840, 0xb77bc28c) = 0
> gnutls_x509_privkey_import(0x8113830, 0xbf9e5684, 1, 0xb78b0840, 0xb77bc28c) = 0
> gnutls_x509_crt_list_import(0x80fbf60, 0xbf9e565c, 0xbf9e5654, 1, 1) = 1
> gnutls_x509_crt_get_activation_time(0x81039f0, 0x80d9150, 0xbf9e56b8, 0xbf9e56c8, 88) = 0x4abe3b3f
> gnutls_x509_crt_get_expiration_time(0x81039f0, 0x80d9150, 0xbf9e56b8, 0xbf9e56c8, 88) = 0x5061d5bf
> gnutls_dh_params_init(0x80fbf54, 0x80d9150, 0xbf9e56b8, 0xbf9e56c8, 88) = 0
> gnutls_dh_params_generate2(0x80feaa8, 1024, 0xbf9e56b8, 0xbf9e56c8, 88) = 0
> ...
> gnutls_init(0x82af284, 1, 10, 0x80f9104, 0xbf808cf8)                      = 0
> gnutls_set_default_priority(0x8195178, 1, 10, 0x80f9104, 0xbf808cf8)      = 0
> gnutls_x509_privkey_init(0xbf808bec, 0xbf8087e4, 1024, 0x80fc480, 0xbf808822) = 0
> gnutls_x509_privkey_import(0x818dd18, 0xbf808be4, 1, 0x80fc480, 0xbf808822) = 0
> gnutls_x509_crt_list_import(0x80fbf60, 0xbf808bbc, 0xbf808bb4, 1, 1)      = 1
> gnutls_x509_crt_get_activation_time(0x8159d50, 0x82b1c28, 0xbf808c4c, 0x80fc480, 1) = 0x4e4fff40
> gnutls_x509_crt_get_expiration_time(0x8159d50, 0x82b1c28, 0xbf808c4c, 0x80fc480, 1) = 0x53f399c0
> gnutls_x509_crt_verify(0x8159d50, 0x80fbf50, 1, 0, 0xbf808cac)            = 0
> gnutls_certificate_allocate_credentials(0xbf808ca4, 0x80fbf50, 1, 0, 0xbf808cac) = 0
> gnutls_certificate_set_x509_key(0x818ff70, 0xbf808ca8, 1, 0x818dd18, 0xbf808cac) = 0
> gnutls_certificate_set_dh_params(0x818ff70, 0x80feaa8, 1, 0x818dd18, 0xbf808cac) = 0x818ff70
> gnutls_x509_crt_deinit(0x8159d50, 0x80feaa8, 1, 0x818dd18, 0xbf808cac)    = 0xb77063c0
> gnutls_x509_privkey_deinit(0x818dd18, 0x80feaa8, 1, 0x818dd18, 0xbf808cac) = 161
> gnutls_credentials_set(0x8195178, 1, 0x818ff70, 0x80f9104, 0xbf808cf8)    = 0
> gnutls_transport_set_ptr(0x8195178, 0, 0x818ff70, 0x80f9104, 0xbf808cf8)  = 0x8195178
> gnutls_handshake(0x8195178, 0, 0x818ff70, 0x80f9104, 0xbf808cf8 <unfinished ...>


> Looking at the list of functions I can see that there are two
> gnutls_x509_*_deinit() functions called before the handshake.

> Calling the first one, gnutls_x509_crt_deinit(), is OK, but calling
> the second one, gnutls_x509_privkey_deinit(), before the handshake
> will cause it to crash.

> The documentation for these functions doesn't say that you can't call
> the 'deinit' function until after the handshake.  The libgnutls NEWS
> file doesn't say that there is an ABI change in this area either.  It
> certainly used to work that you could do this.
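As an added check (not part of this report or of WWWOFFLE), the call ordering Andrew reads off the ltrace output by eye can be found mechanically: this Python script scans ltrace lines for a gnutls_x509_privkey_deinit() that lands between gnutls_certificate_set_x509_key() and the gnutls_handshake() that relies on that key. The two embedded traces are constructed samples: the first is cut down from the report's own trace, the second is the safe ordering with the deinit moved after the handshake.

```python
import re

# Function name at the start of an ltrace line, e.g.
# "gnutls_handshake(0x8195178, ... <unfinished ...>" -> "gnutls_handshake".
_CALL_RE = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\(")

def ltrace_calls(lines):
    """Yield (line_number, function_name) for each call line; '...' is skipped."""
    for num, line in enumerate(lines, start=1):
        m = _CALL_RE.match(line)
        if m:
            yield num, m.group(1)

def find_premature_key_deinit(lines):
    """Return one (set_key_line, deinit_line, handshake_line) tuple for every
    gnutls_handshake() that runs after the key handed to the most recent
    gnutls_certificate_set_x509_key() was freed; [] means the order is safe."""
    findings = []
    set_key_line = None   # most recent gnutls_certificate_set_x509_key()
    deinit_line = None    # gnutls_x509_privkey_deinit() seen since then
    for num, fn in ltrace_calls(lines):
        if fn == "gnutls_certificate_set_x509_key":
            set_key_line, deinit_line = num, None
        elif fn == "gnutls_x509_privkey_deinit" and set_key_line is not None:
            deinit_line = num
        elif fn == "gnutls_handshake" and deinit_line is not None:
            findings.append((set_key_line, deinit_line, num))
    return findings

# Constructed sample: the crashing ordering, cut down from the report's trace.
CRASHING_TRACE = """\
gnutls_init(0x82af284, 1, 10, 0x80f9104, 0xbf808cf8)                      = 0
gnutls_x509_privkey_import(0x818dd18, 0xbf808be4, 1, 0x80fc480, 0xbf808822) = 0
gnutls_certificate_set_x509_key(0x818ff70, 0xbf808ca8, 1, 0x818dd18, 0xbf808cac) = 0
gnutls_x509_privkey_deinit(0x818dd18, 0x80feaa8, 1, 0x818dd18, 0xbf808cac) = 161
gnutls_credentials_set(0x8195178, 1, 0x818ff70, 0x80f9104, 0xbf808cf8)    = 0
gnutls_handshake(0x8195178, 0, 0x818ff70, 0x80f9104, 0xbf808cf8 <unfinished ...>
""".splitlines()

# Constructed sample of the safe ordering: the key object outlives the handshake.
SAFE_TRACE = """\
gnutls_init(0x82af284, 1, 10, 0x80f9104, 0xbf808cf8)                      = 0
gnutls_x509_privkey_import(0x818dd18, 0xbf808be4, 1, 0x80fc480, 0xbf808822) = 0
gnutls_certificate_set_x509_key(0x818ff70, 0xbf808ca8, 1, 0x818dd18, 0xbf808cac) = 0
gnutls_credentials_set(0x8195178, 1, 0x818ff70, 0x80f9104, 0xbf808cf8)    = 0
gnutls_handshake(0x8195178, 0, 0x818ff70, 0x80f9104, 0xbf808cf8)          = 0
gnutls_x509_privkey_deinit(0x818dd18, 0x80feaa8, 1, 0x818dd18, 0xbf808cac) = 161
""".splitlines()
```

Run it over `ltrace -l .../libgnutls.so ... 2>&1` output captured to a file; a non-empty result names the trace lines to look at before reaching for gdb.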




