[gnutls-devel] GnuTLS | decode_error with a very big compress certificate message (#1594)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Wed Oct 16 11:45:20 CEST 2024
George Pantelakis created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1594
## Description of problem:
When we have a very big compressed certificate message then we get a decode_error from the server but the message has the correct format. The message should pass the decoding error and pass. For example, if we have the message "0x19 + 0x4c4b48 + 0x0001 + 0x000fff + 0x4c4b40 + (5000000 * 0x00)", which is a valid message according to RFC, it should be decoded correctly and then sent back a bad_certificate alert since the compressed message cannot be decompressed.
## Version of gnutls used:
gnutls-3.8.7
## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
RHEL and Fedora
## How reproducible:
Always
Steps to Reproduce:
* Run https://github.com/tlsfuzzer/tlsfuzzer/blob/master/scripts/test-tls13-client-certificate-compression.py with "--random-fuzz-size 5" against a GnuTLS server.
## Actual results:
Tests "fuzzing of * bytes" from test-tls13-client-certificate-compression.py fail
## Expected results:
Tests "fuzzing of * bytes" from test-tls13-client-certificate-compression.py should pass
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1594
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241016/dbaa231d/attachment.html>
More information about the Gnutls-devel
mailing list