[sr #107775] GnuTLS 3.0.0 causes segfault
INVALID.NOREPLY at gnu.org
Tue Aug 30 13:59:41 CEST 2011
Follow-up Comment #9, sr #107775 (project gnutls):
I figured out where those wrong values come from (well, kinda).
In _gnutls_send_int, cipher_size is a size_t. It is assigned the result from
_gnutls_encrypt() in line 437. However, this function returns an int where
negative values are used for errors. Line 440 then indeed checks if
(cipher_size <= 0), however, since size_t is unsigned, this would only be true
if cipher_size == 0.
This code then goes on and tries to send garbage.
Patch for this hopefully is attached, however I'm not sure if the size_t type
is required for other places in this code. Someone with a clue should check
carefully and perhaps split cipher_size up into two different variables. It
might also make sense to use int instead of ssize_t. Dunno.
Now, I only have to figure out why I get GNUTLS_E_COMPRESSION_FAILED (-27)
immediately after the handshake...
Additional Item Attachment:
File name: patch Size:0 KB
Reply to this item at:
Nachricht geschickt von/durch Savannah
More information about the Gnutls-devel