[gnutls-devel] gnutls 3.2.3 segfault in _gnutls_epoch_set_keys

Stefan Bühler stbuehler at lighttpd.net
Fri Aug 2 15:21:29 CEST 2013


Hi,

On Fri, 2 Aug 2013 08:32:04 +0200
Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:

> On Fri, Aug 2, 2013 at 12:53 AM, Stefan Bühler
> <stbuehler at lighttpd.net> wrote:
> > Hi,
> > I get segfaults with libgnutls28-3.2.3-1:i386 from debian unstable,
> > client is firefox (iceweasel) 22, TLS1.0, ciphersuite
> > TLS_RSA_WITH_RC4_128_SHA (0x0005). Usually this happens when I
> > start a second request when another one is already running, but
> > pausing and resuming a download can trigger it too.
> 
> Hello Stefan,
>  Is that crash on a resumed session? Is that reproducible using
> gnutls-serv?

Yes, I think it is a resumed session; it is using tickets, not cookies.

gnutls-serv somehow doesn't return a ticket, although I'm not sure why;
I couldn't reproduce it with gnutls-serv so far, so it probably has
something to do with tickets.


I disabled keep-alive on my local test config for lighttpd2/mod_gnutls,
and now it was really easy to reproduce... just did 2 or 3 requests :)
Also I have a better backtrace now (this is amd64):

(gdb) bt full
#0  0x00007fffee4e2e76 in _gnutls_epoch_set_keys (session=session at entry=0x6bdaa0, epoch=epoch at entry=1) at gnutls_constate.c:327
        comp_algo = GNUTLS_COMP_NULL
        params = 0x6bc980
        ret = <optimized out>
#1  0x00007fffee4e3224 in _gnutls_write_connection_state_init (session=session at entry=0x6bdaa0) at gnutls_constate.c:489
        epoch_next = 1
        ret = <optimized out>
#2  0x00007fffee4d09cd in _gnutls_send_handshake_final (session=session at entry=0x6bdaa0, init=init at entry=1) at gnutls_handshake.c:2907
        ret = <optimized out>
#3  0x00007fffee4d3e39 in _gnutls_handshake_server (session=0x6bdaa0) at gnutls_handshake.c:3156
        ret = <optimized out>
#4  gnutls_handshake (session=0x6bdaa0) at gnutls_handshake.c:2530
        ret = <optimized out>
        params = 0x69d680
#5  0x00007fffee7b916f in do_gnutls_handshake (f=0x6b8b40, writing=0) at /home/stefan/projects/lighttpd/lighttpd2/src/modules/gnutls_filter.c:260
        r = <optimized out>
[...]

(gdb) p *params
$1 = {epoch = 1, initialized = 0, compression_algorithm = GNUTLS_COMP_NULL, cipher = 0x0, mac = 0x0, record_sw = {0 <repeats 64 times>}, record_sw_head_idx = 0, record_sw_size = 0, read = {mac_secret = {data = 0x0, size = 0}, IV = {data = 0x0, size = 0}, key = {
      data = 0x0, size = 0}, cipher_state = {cipher = {handle = 0x0, e = 0x0, encrypt = 0x0, decrypt = 0x0, auth = 0x0, tag = 0x0, setiv = 0x0, deinit = 0x0}, mac = {dig = {e = 0x0, hash = 0x0, output = 0x0, deinit = 0x0, key = 0x0, keysize = 0, handle = 0x0}, mac = {
          e = 0x0, mac_len = 0, hash = 0x0, setnonce = 0x0, output = 0x0, deinit = 0x0, handle = 0x0}}, is_mac = 0, ssl_hmac = 0, non_null = 0, tag_size = 0}, compression_state = {handle = 0x0, algo = GNUTLS_COMP_UNKNOWN}, sequence_number = {
      i = "\000\000\000\000\000\000\000"}, new_record_padding = 0 '\000'}, write = {mac_secret = {data = 0x0, size = 0}, IV = {data = 0x0, size = 0}, key = {data = 0x0, size = 0}, cipher_state = {cipher = {handle = 0x0, e = 0x0, encrypt = 0x0, decrypt = 0x0, 
        auth = 0x0, tag = 0x0, setiv = 0x0, deinit = 0x0}, mac = {dig = {e = 0x0, hash = 0x0, output = 0x0, deinit = 0x0, key = 0x0, keysize = 0, handle = 0x0}, mac = {e = 0x0, mac_len = 0, hash = 0x0, setnonce = 0x0, output = 0x0, deinit = 0x0, handle = 0x0}}, 
      is_mac = 0, ssl_hmac = 0, non_null = 0, tag_size = 0},
      compression_state = {handle = 0x0, algo = GNUTLS_COMP_UNKNOWN},
      sequence_number = {i = "\000\000\000\000\000\000\000"},
      new_record_padding = 0 '\000'}, usage_cnt = 0}