[gnutls-dev] bugreport: segmentation fault in gnutls_certificate_set_x509_crl()

Simon Josefsson simon at josefsson.org
Wed Dec 27 09:32:53 CET 2006


Max Kellermann <max at duempel.org> writes:

> Hi,
>
> gnutls version 1.4.4 as well as the CVS head crash when a program uses
> gnutls_certificate_set_x509_crl().  In the for loop, it calls
> _gnutls_x509_crl_cpy() with new and uninitialized elements of the
> res->x509_crl_list array.  This leads to a segmentation fault.
>
> I suggest adding gnutls_x509_crl_init() before each
> _gnutls_x509_crl_cpy() call.

Hi!  Sorry for the slow response, I just returned from vacation.

I wrote a self-test for this, installed as
tests/certificate_set_x509_crl.c, but were unable to reproduce a
crash.  However, the function is clearly wrong (and the self test
failed), and probably leads to a crash depending on uninitialized
values.  Your suggestion indeed solves the problem.  Fixed in CVS for
both 1.6.x and 1.7.x.

/Simon



More information about the Gnutls-dev mailing list