[gnutls-devel] 3.2.2 breaks TLS sockets

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Jul 26 15:29:59 CEST 2013

On Fri, Jul 26, 2013 at 3:17 PM, Nikos Mavrogiannopoulos
<nmav at gnutls.org> wrote:

>> Yes, with gio. I used the "get" test program from the libsoup sources
>> (basically wget implemented via libsoup). And yes, the error occurred
>> while reading the response. (So I guess you want to test against a large
>> resource.)
>> gio normally uses "NORMAL:%COMPAT", but I verified that the bug happens
>> without %COMPAT too, and I don't think there's anything else especially
>> unusual that gio does. So it *should* be possible to reproduce with
>> gnutls-cli, maybe doing something like:
> Thank you. I see that RSA_ARCFOUR_SHA1 is negotiated. Is it easy to
> check whether this occurs when AES128-CBC-SHA1 is used (e.g. by using
> NORMAL:-ARCFOUR-128 as the priority string)? If not then the issue is
> pretty much contained and I hope to fix it soon.

This patch should fix the issue. If I am correct on the interpretation
of the issue, it seems that these particular servers exceed the
maximum allowed number of bytes. The %COMPAT keyword should have
allowed them nevertheless, and that is what the patch does.

Please let me know if that fixes the issue, and if not, if possible
let me know of the debugging output.

-------------- next part --------------
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index 198cb34..3caa5ac 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -710,7 +710,11 @@ ciphertext_to_compressed (gnutls_session_t session,
         return gnutls_assert_val(ret);
       if (unlikely((unsigned)length_to_decrypt > compressed->size))
-        return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+        {
+          _gnutls_audit_log(session, "Received %u bytes, while expecting less than %u\n",
+                    (unsigned int)length_to_decrypt, (unsigned int)compressed->size);
+          return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+        }
       ret =
            _gnutls_auth_cipher_decrypt2 (&params->read.cipher_state,
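Review bot: The new audit message says "expecting less than %u", but the guard above it is `length_to_decrypt > compressed->size`, so a record of exactly compressed->size bytes is accepted. The text should read "expecting at most %u" so the logged bound matches the check; otherwise someone reading the audit log while debugging an oversized record will be off by one about the real limit. Since this path is reached on peer-controlled input, it would also help to say in a comment that the message is emitted once per rejected record, before GNUTLS_E_DECRYPTION_FAILED is returned.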
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index 993ddb9..4795711 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -1193,8 +1193,8 @@ begin:
   /* We allocate the maximum possible to allow few compressed bytes to expand to a
    * full record.
-  decrypted = _mbuffer_alloc(MAX_RECORD_RECV_SIZE(session), 
-                             MAX_RECORD_RECV_SIZE(session));
+  t.size = _gnutls_get_max_decrypted_data(session);
+  decrypted = _mbuffer_alloc(t.size, t.size);
   if (decrypted == NULL)
     return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
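Review bot: The comment above the allocation still gives the old rationale ("allocate the maximum possible") while the size now comes from _gnutls_get_max_decrypted_data(session), whose definition is not part of this patch. Please update the comment to state what that helper returns and under which setting the limit is relaxed, and confirm that it is the same bound that ends up as compressed->size in the ciphertext_to_compressed check, since a mismatch between the two would reintroduce the GNUTLS_E_DECRYPTION_FAILED this is meant to fix. Using t.size as a scratch variable for the allocation size also reads oddly here; a local size variable would make it clear that t is not yet a populated datum at this point.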
