[sr #107775] GnuTLS 3.0.0 causes segfault

anonymous INVALID.NOREPLY at gnu.org
Tue Aug 30 13:59:41 CEST 2011

Follow-up Comment #9, sr #107775 (project gnutls):

I figured out where those wrong values come from (well, kinda).

In _gnutls_send_int, cipher_size is a size_t. It is assigned the result from
_gnutls_encrypt() in line 437. However, this function returns an int where
negative values are used for errors. Line 440 then indeed checks if
(cipher_size <= 0), however, since size_t is unsigned, this would only be true
if cipher_size == 0.

This code then goes on and tries to send garbage.

Patch for this hopefully is attached, however I'm not sure if the size_t type
is required for other places in this code. Someone with a clue should check
carefully and perhaps split cipher_size up into two different variables. It
might also make sense to use int instead of ssize_t. Dunno.

Now, I only have to figure out why I get GNUTLS_E_COMPRESSION_FAILED (-27)
immediately after the handshake...

(file #23906)

Additional Item Attachment:

File name: patch                          Size:0 KB


Reply to this item at:


  Nachricht geschickt von/durch Savannah

More information about the Gnutls-devel mailing list