[gnutls-dev] [algernon@bonehunter.rulez.org: Bug#187434: libgnutls5: OpenPGP certificates deadlock]

Ivo Timmermans ivo@o2w.nl
Thu Apr 3 13:19:01 2003


FYI.


	Ivo

-- 
Norton SystemWorks 2002 includes a file erasure program called Wipe
Info.  In the manual (page 160), we learn that "Wipe Info uses
hexadecimal values to wipe files.  This provides more security than
wiping with decimal values."  - Bruce Schneier

Subject: Bug#187434: libgnutls5: OpenPGP certificates deadlock
Date: Thu, 03 Apr 2003 12:53:42 +0200
From: Gergely Nagy <algernon@bonehunter.rulez.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>

Package: libgnutls5
Version: 0.8.6-1
Severity: important
Tags: upstream patch

There is a bug in libextra/gnutls_openpgp.c, which results in an
infinite-loop when using OpenPGP certificates. The problem lies in
gnutls_certificate_set_openpgp_key_file and stream_to_datum (provided
that my analysis is correct).

gnutls_certificate_set_openpgp_key_file reads the file, parses it, and
so on, until it gets an EOF or an error. However, stream_to_datum()
seeks back to the beginning of the stream every time. Both at the
beginning (which is probably okay, since the stream should only
contain one key anyway), and once after it converted it. That is
probably bogus.

After removing the second call to cdk_stream_seek(),
gnutls_certificate_set_openpgp_key_file successfully gets out of the
while (!rc) loop. However, it fails the `if( rc == CDK_EOF && i > 1)'
check. Since - as far as I can grok the sources - i should be the
number of certificates/entries/whatever in the keyfile, and the file
should only contain one such thing according to the documentation, I
think that the second half of the check should allow i to be 1.

After these two trivial fixes, OpenPGP support appears to
work. However, I'm quite sure that either my "fix" is bogus, or I
generated wrong keys for the test application (I'm testing with
gnutls-cli and gnutls-serv, by the way).

I also see that there have been changes to
gnutls_certificate_set_openpgp_key_file in upstream CVS, but I didn't
have the time to test with a CVS snapshot yet. I will follow up to
this bugreport after I did.

In the meantime, below is the patch I came up with:

diff -u -ur gnutls5-0.8.6/libextra/gnutls_openpgp.c gnutls5-work/libextra/gnutls_openpgp.c
--- gnutls5-0.8.6/libextra/gnutls_openpgp.c	2003-02-04 13:52:25.000000000 +0100
+++ gnutls5-work/libextra/gnutls_openpgp.c	2003-04-03 12:33:27.000000000 +0200
@@ -271,7 +271,6 @@
         datum_append( raw, buf, nread );
         nbytes += nread;
     }
-    cdk_stream_seek( inp, 0 );
     if( !nbytes )
         rc = GNUTLS_E_INTERNAL_ERROR;
 
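Review bot: with the `cdk_stream_seek( inp, 0 )` after the `datum_append` loop gone, this function now leaves `inp` at end of stream rather than at offset 0, so any caller outside this hunk that reads from `inp` after it returns will see EOF immediately. Please check each call site for that assumption and add a comment here stating where the stream position is left on return.
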
@@ -747,7 +746,7 @@
             }
         }
     }
-    if( rc == CDK_EOF && i > 1 )
+    if( rc == CDK_EOF && i >= 1 )
         rc = 0;
     cdk_stream_close( inp );
     if( rc ) {
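
Review bot: the relaxed `i >= 1` test is only safe if `i` is still 0 when the very first read returns `CDK_EOF`; the initialisation and increment of `i` are outside this hunk, so confirm that an empty keyfile cannot reach `rc = 0` here. A short comment saying what `i` counts, plus a test with an empty file and a single-key file, would settle the uncertainty the report itself raises.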

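The control flow described in the report above, as an added model that is not part of the original message and is not GnuTLS or OpenCDK code. The stream type, function names, return codes, the pass guard and the point at which `i` is incremented are all assumptions; the model shows the loop never reaching EOF while the helper rewinds, and a single-entry file failing the `i > 1` check once it stops rewinding.

```c
#include <stdio.h>
#include <string.h>

/* Constructed return codes and a pass guard so the buggy case terminates. */
enum { RC_OK = 0, RC_EOF = -1, RC_STUCK = -2, MAX_PASSES = 1000 };
struct stream { const char *buf; size_t len, pos; };  /* toy in-memory stream */

/* Hypothetical parser: consume one newline-terminated entry, EOF when drained. */
static int next_entry(struct stream *s)
{
    if (s->pos >= s->len)
        return RC_EOF;
    const char *nl = memchr(s->buf + s->pos, '\n', s->len - s->pos);
    s->pos = nl ? (size_t)(nl - s->buf) + 1 : s->len;
    return RC_OK;
}

/* Helper as the report describes it: rewind, copy the whole stream, then
 * (pre-patch behaviour, when rewind_after is set) rewind a second time. */
static void to_datum(struct stream *s, char *out, size_t cap, int rewind_after)
{
    size_t n = s->len < cap ? s->len : cap;
    memcpy(out, s->buf, n);            /* always reads from offset 0 */
    s->pos = rewind_after ? 0 : n;     /* position left for the caller */
}

/* Caller's loop. min_entries = 2 models `i > 1`, 1 models `i >= 1`.
 * Returns RC_OK, RC_EOF (count check failed) or RC_STUCK (EOF never seen). */
static int load_keyfile(const char *data, int rewind_after, int min_entries, int *count)
{
    struct stream s = { data, strlen(data), 0 };
    char raw[256];
    int rc = RC_OK, i = 0;
    while (!rc && i < MAX_PASSES) {
        rc = next_entry(&s);
        if (!rc) {                     /* assumption: i counts parsed entries */
            i++;
            to_datum(&s, raw, sizeof raw, rewind_after);
        }
    }
    *count = i;
    if (!rc)
        return RC_STUCK;               /* guard tripped: the loop would spin forever */
    return (rc == RC_EOF && i >= min_entries) ? RC_OK : rc;
}

int main(void)
{
    int n, rc = load_keyfile("KEY-ONE\n", 1, 2, &n);   /* constructed input */
    printf("pre-patch: rc=%d after %d passes\n", rc, n);
}
```

In this model an empty input still returns `RC_EOF` under the relaxed check, because `i` is only incremented after a successful parse.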