[patch] Fix a crash when getting dn of a certificate

Vincent Untz vuntz at gnome.org
Mon Oct 17 15:19:37 CEST 2011


Hi,

Somebody stumbled upon this gnutls crash in openSUSE:

*** glibc detected *** /usr/lib/telepathy-haze: free(): invalid pointer: 0x0000000000a5d900 ***

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff66e9f10 in malloc_consolidate () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff66e9f10 in malloc_consolidate () from /lib64/libc.so.6
#1  0x00007ffff66eb0d3 in _int_malloc () from /lib64/libc.so.6
#2  0x00007ffff66ec1d2 in malloc_check () from /lib64/libc.so.6
#3  0x00007ffff66ef11d in calloc () from /lib64/libc.so.6
#4  0x00007ffff7de69ce in _dl_new_object () from /lib64/ld-linux-x86-64.so.2
#5  0x00007ffff7de2196 in _dl_map_object_from_fd () from /lib64/ld-linux-x86-64.so.2
#6  0x00007ffff7de3f97 in _dl_map_object () from /lib64/ld-linux-x86-64.so.2
#7  0x00007ffff7dedc2b in dl_open_worker () from /lib64/ld-linux-x86-64.so.2
#8  0x00007ffff7de9bd6 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
#9  0x00007ffff7ded7ca in _dl_open () from /lib64/ld-linux-x86-64.so.2
#10 0x00007ffff6785440 in do_dlopen () from /lib64/libc.so.6
#11 0x00007ffff7de9bd6 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
#12 0x00007ffff67854df in dlerror_run () from /lib64/libc.so.6
#13 0x00007ffff6785547 in __libc_dlopen_mode () from /lib64/libc.so.6
#14 0x00007ffff67609d5 in init () from /lib64/libc.so.6
#15 0x00007ffff6a103d3 in pthread_once () from /lib64/libpthread.so.0
#16 0x00007ffff6760af4 in backtrace () from /lib64/libc.so.6
#17 0x00007ffff66e3e8f in __libc_message () from /lib64/libc.so.6
#18 0x00007ffff66e9bb6 in malloc_printerr () from /lib64/libc.so.6
#19 0x00007fffece76eb4 in _gnutls_x509_parse_dn (asn1_struct=0x9cbc40, asn1_rdn_name=
    0x7fffeced0d68 "tbsCertificate.subject.rdnSequence", buf=0x0, sizeof_buf=0x7fffffffd338) at dn.c:287

(from https://bugzilla.novell.com/show_bug.cgi?id=724421)

Here's a patch to fix it.

Cheers,

Vincent

-- 
Happy people are not in a hurry.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Correctly-terminate-a-string-with-0-before-concatena.patch
Type: text/x-diff
Size: 728 bytes
Desc: not available
URL: </pipermail/attachments/20111017/b53f43f7/attachment.patch>