[gnutls-devel] GnuTLS | gnutls_privkey_decrypt_data frees output argument in some conditions (#1535)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Sun Mar 24 21:03:42 CET 2024
Adrien Béraud created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1535
We were previously using `gnutls_privkey_decrypt_data` this way:
```c++
gnutls_datum_t out;
int err = gnutls_privkey_decrypt_data(key, 0, &dat, &out);
```
as the documentation for gnutls_privkey_decrypt_data makes no requirement for `out`.
However, since the last release, 3.8.4, this would cause a crash when the decryption fails,
because `gnutls_privkey_decrypt_data` would attempt to free the buffer pointed to by `out`, which would cause occasional crashes since `out` is uninitialized and might point to random values.
This can be easily fixed by initializing `out` to a null pointer;
however, I believe this is a GnuTLS bug because [the documentation](https://gnutls.org/reference/gnutls-abstract.html#gnutls-privkey-decrypt-data) specifies `plaintext` (`out`) as an output-only argument.
Best regards
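
The caller-side workaround mentioned in the report (initializing `out` to a null pointer), shown as an added example that is not part of the original message and is not GnuTLS code. `datum_t`, `model_decrypt` and `decrypt_checked` are hypothetical stand-ins so the pattern builds without GnuTLS; `model_decrypt` only models the reported behaviour of freeing the output buffer on failure.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in for gnutls_datum_t so the example builds without GnuTLS. */
typedef struct { unsigned char *data; unsigned int size; } datum_t;

/* Hypothetical model of a decrypt routine with the behaviour reported in
 * the issue: on failure it frees whatever out->data holds on entry.
 * "Decryption" is a plain copy here; an empty input is the failure case. */
static int model_decrypt(const datum_t *in, datum_t *out)
{
    if (in == NULL || in->size == 0) {
        free(out->data);          /* reads the caller's value of out->data */
        out->data = NULL;
        out->size = 0;
        return -1;
    }
    out->data = malloc(in->size);
    if (out->data == NULL)
        return -1;
    memcpy(out->data, in->data, in->size);
    out->size = in->size;
    return 0;
}

/* Defensive caller: zero the output before the call so a free() on the
 * error path sees NULL, and hand ownership over only on success.
 * 'plain' is never read, so callers may pass an uninitialized datum. */
int decrypt_checked(const datum_t *in, datum_t *plain)
{
    datum_t out = { NULL, 0 };    /* never pass an uninitialized datum down */
    int err = model_decrypt(in, &out);
    if (err < 0) {
        free(out.data);           /* NULL at this point; free(NULL) is a no-op */
        plain->data = NULL;
        plain->size = 0;
        return err;
    }
    *plain = out;                 /* caller now owns and frees plain->data */
    return 0;
}
```

With the real library the same shape applies to `gnutls_datum_t out = { NULL, 0 };` passed to `gnutls_privkey_decrypt_data`.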