[sr #107831] local 'len' in gnutls_x509_crt_get_key_id not initialized, causing segmentation fault

anonymous INVALID.NOREPLY at gnu.org
Wed Oct 5 20:45:12 CEST 2011


URL:
  <http://savannah.gnu.org/support/?107831>

                 Summary: local 'len' in gnutls_x509_crt_get_key_id not
initialized, causing segmentation fault
                 Project: GnuTLS
            Submitted by: None
            Submitted on: Wed 05 Oct 2011 06:45:11 PM UTC
                Category: Core library
                Priority: 5 - Normal
                Severity: 3 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: Erik.Jensen at pnnl.gov
             Open/Closed: Open
         Discussion Lock: Any
        Operating System: None

    _______________________________________________________

Details:

With gnutls 3.0.3, certtool segfaults when I try to generate a self-signed
certificate. The problem is that 

asn1_der_coding (crt->cert, "tbsCertificate.subjectPublicKeyInfo", NULL, &len,
NULL);

is called with len uninitialized. Since len contains garbage, asn1_der_coding
thinks it is okay to write to the output buffer, which is NULL. The following
patch fixes the problem for me.


--- gnutls-3.0.3/lib/x509/x509.c.orig	2011-10-05 17:25:53.025852307 +0000
+++ gnutls-3.0.3/lib/x509/x509.c	2011-10-05 17:26:04.232713442 +0000
@@ -2283,7 +2283,7 @@
                             unsigned char *output_data,
                             size_t * output_data_size)
 {
-  int pk, result = 0, len;
+  int pk, result = 0, len = 0;
   gnutls_datum_t pubkey;
 
   if (crt == NULL)
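
Review bot: The initializer on the declaration line (`len = 0`) is a long way from the size-query call it protects, so the fix silently breaks if `len` is ever assigned earlier in the function. Consider also setting `len = 0;` immediately before the `asn1_der_coding (..., NULL, &len, NULL)` call quoted in the report, so that the NULL output buffer and the zero capacity are visibly paired. On the same line, `pk` is still left uninitialized while `result` and `len` are not; initializing it too would keep the declaration consistent.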






More information about the Gnutls-devel mailing list
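
The in/out length convention behind this report, as an added example that is not part of the original message and is not GnuTLS or libtasn1 code. `toy_der_coding`, its return codes and the `SPKI` bytes are hypothetical, constructed stand-ins; the model reports the point where an unguarded encoder would write through the NULL pointer instead of performing the write.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical return codes for this model; not libtasn1's constants. */
enum { TOY_OK = 0, TOY_MEM_ERROR = 1, TOY_NULL_WRITE = 2 };

/* Constructed stand-in for the DER bytes of a subjectPublicKeyInfo. */
static const unsigned char SPKI[] = { 0x30, 0x06, 0x03, 0x04, 0x00, 0xde, 0xad, 0x01 };

/* Model of the in/out length convention: on entry *len is the capacity of
 * out, on exit it is the size the encoding needs. */
static int toy_der_coding(unsigned char *out, int *len)
{
    int need = (int) sizeof(SPKI);
    int cap = *len;
    *len = need;
    if (cap < need)
        return TOY_MEM_ERROR;   /* size query, or buffer too small */
    if (out == NULL)
        return TOY_NULL_WRITE;  /* an unguarded encoder would copy to NULL here */
    memcpy(out, SPKI, (size_t) need);
    return TOY_OK;
}

/* The unpatched call shape: len holds whatever it was given, out is NULL. */
static int size_query_with(int stale_len)
{
    int len = stale_len;
    return toy_der_coding(NULL, &len);
}

/* The patched shape, followed by the real encoding call. Caller frees *buf. */
static int encode_spki(unsigned char **buf, int *len)
{
    *len = 0;                                   /* capacity 0: pure size query */
    if (toy_der_coding(NULL, len) != TOY_MEM_ERROR)
        return -1;
    *buf = malloc((size_t) *len);
    if (*buf == NULL)
        return -1;
    return toy_der_coding(*buf, len);
}

int main(void)
{
    unsigned char *buf = NULL;
    int len, rc = encode_spki(&buf, &len);
    free(buf);
    return (rc == TOY_OK && size_query_with(4096) == TOY_NULL_WRITE) ? 0 : 1;
}
```

A stale value below the required size, including a negative one, still takes the size-query path, which is why this kind of bug can stay hidden until the stack happens to hold a large value.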