[gnutls-devel] [sr #108224] Segmentation fault when /dev/urandom is unavailable.

Joshua Phillips INVALID.NOREPLY at gnu.org
Mon Jan 7 17:21:13 CET 2013


URL:
  <http://savannah.gnu.org/support/?108224>

                 Summary: Segmentation fault when /dev/urandom is unavailable.
                 Project: GnuTLS
            Submitted by: xlq
            Submitted on: Mon 07 Jan 2013 04:21:12 PM GMT
                Category: Core library
                Priority: 5 - Normal
                Severity: 2 - Minor
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
        Operating System: None

    _______________________________________________________

Details:

In lib/nettle/egd.c, find_egd_name returns NULL on failure. This is passed
directly to strlen in _rndegd_connect_socket, causing a segmentation fault if
neither /dev/urandom nor EGD are available.

The attached untested patch checks the pointer returned from find_egd_name.



    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Mon 07 Jan 2013 04:21:12 PM GMT  Name: egd-crash.diff  Size: 432B   By:
xlq

<http://savannah.gnu.org/support/download.php?file_id=27217>

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?108224>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/




More information about the Gnutls-devel mailing list