[gnutls-devel] segfault on gnutls_x509_crt_import

Marcos Agüero wiredrat at gmail.com
Mon Apr 21 16:34:35 CEST 2014


While using libcurl with gnutls, on certain URL
hxxps://harrowmedia.com/(WARNING! URL is known to host malware), i'm
getting unexpected
segmentation fault. I'm not sure if it's related to libcurl version or
gnutls, but I suspect that is a malformed certificate.

I'm using gnutls version 2.12.23-12ubuntu2 (latest ubuntu package)

Sample program (attached) backtrace:
(gdb) run
Starting program: /home/wiredrat/src/curl_poc/curl_gnutls
[Depuración de hilo usando libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Nuevo Thread 0x7ffff2c2b700 (LWP 25858)]
[Thread 0x7ffff2c2b700 (LWP 25858) terminado]

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6e9db19 in gnutls_x509_crt_import () from
(gdb) bt
#0  0x00007ffff6e9db19 in gnutls_x509_crt_import () from
#1  0x00007ffff7bc1ec9 in gtls_connect_step3 (conn=conn at entry=0x65aa50,
sockindex=sockindex at entry=0) at vtls/gtls.c:708
#2  0x00007ffff7bc2a7a in gtls_connect_common (conn=conn at entry=0x65aa50,
sockindex=sockindex at entry=0, nonblocking=nonblocking at entry=true,
    done=done at entry=0x7fffffffdde5) at vtls/gtls.c:918
#3  0x00007ffff7bc2e0d in Curl_gtls_connect_nonblocking
(conn=conn at entry=0x65aa50,
sockindex=sockindex at entry=0,
    done=done at entry=0x7fffffffdde5) at vtls/gtls.c:933
#4  0x00007ffff7bc3540 in Curl_ssl_connect_nonblocking
(conn=conn at entry=0x65aa50,
sockindex=sockindex at entry=0, done=0x7fffffffdde5)
    at vtls/vtls.c:293
#5  0x00007ffff7b86ffe in https_connecting (conn=0x65aa50, done=<optimized
out>) at http.c:1354
#6  0x00007ffff7ba9571 in multi_runsingle (multi=multi at entry=0x6514f0,
now=..., data=data at entry=0x648750) at multi.c:1195
#7  0x00007ffff7baa1c1 in curl_multi_perform
(multi_handle=multi_handle at entry=0x6514f0,
    running_handles=running_handles at entry=0x7fffffffdea4) at multi.c:1752
#8  0x00007ffff7ba1923 in easy_transfer (multi=0x6514f0) at easy.c:705
#9  easy_perform (events=false, data=0x648750) at easy.c:784
#10 curl_easy_perform (easy=0x648750) at easy.c:803
#11 0x0000000000400b06 in main ()
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140421/e77f940f/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: curl_poc.c
Type: text/x-csrc
Size: 1238 bytes
Desc: not available
URL: </pipermail/attachments/20140421/e77f940f/attachment.c>

More information about the Gnutls-devel mailing list