[gnutls-devel] [sr #108321] crq_apis coredump on 32-bit build due to _gnutls_strdatum_to_buf NULL buf handling

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Jun 10 20:43:28 CEST 2013


On 06/10/2013 02:47 PM, anonymous wrote:

[...]

> The immediate cause, obviously, is that 'buf' is NULL. The ultimate cause is
> also obvious: print_crq() calls gnutls_x509_crq_get_challenge_password() with
> a NULL buf argument and an uninitialized size. How this works at all, ever,
> even on 64-bit platforms, is a mystery to me. A NULL buf is not documented as
> working, but since it is passed in by the API testsuite as well as by
> print_crq() it is clear that it's meant to work.
>
> The obvious fix is to test buf for nullity in _gnutls_strdatum_to_buf(), as
> well as checking the size for validity, and return
> GNUTLS_E_SHORT_MEMORY_BUFFER and update the sizeof_buf if it's NULL as well as
> if it's short. This means you can set the size by passing in any size at all
> and a NULL buf, rather than requiring a zero size.


Hello Nick,
 Which version of gnutls does this affect? The latest releases seem to
have a similar fix applied.

regards,
Nikos
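Added example (not from the thread, and not GnuTLS's own _gnutls_strdatum_to_buf): a small C helper that implements the contract the report asks for, so the "size query" convention and the failure mode are visible in code. Every name, the struct layout and the error-code values below are assumptions made for this illustration; the real GnuTLS signatures and constants live in its headers. The point it shows is ordering: the NULL-buffer check comes before any use of the incoming size, so a caller may pass a NULL buf with an uninitialised size and still get the required size back instead of a write through NULL.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in error codes; the values are assumptions, not GnuTLS's definitions. */
#define EX_E_SHORT_MEMORY_BUFFER (-51)
#define EX_E_INVALID_REQUEST     (-50)

/* Minimal datum: length-delimited bytes, not NUL-terminated. */
typedef struct {
    const unsigned char *data;
    size_t size;
} ex_datum_t;

/*
 * Copy a datum into buf as a NUL-terminated string.
 *   - sizeof_buf is always required; on entry it is the capacity of buf.
 *   - If buf is NULL, or the capacity is smaller than size+1, nothing is
 *     written: *sizeof_buf is set to the required capacity and
 *     EX_E_SHORT_MEMORY_BUFFER is returned. Because the NULL test comes
 *     first, the incoming size is never consulted for a NULL buf (it may be
 *     uninitialised garbage, which is the crashing case in the report).
 *   - On success returns 0 and sets *sizeof_buf to the string length
 *     (bytes written, excluding the terminator).
 */
int ex_strdatum_to_buf(const ex_datum_t *d, void *buf, size_t *sizeof_buf)
{
    if (d == NULL || sizeof_buf == NULL)
        return EX_E_INVALID_REQUEST;

    size_t need = d->size + 1;           /* room for the NUL terminator */

    if (buf == NULL || *sizeof_buf < need) {
        *sizeof_buf = need;              /* tell the caller what to allocate */
        return EX_E_SHORT_MEMORY_BUFFER;
    }

    if (d->size > 0)
        memcpy(buf, d->data, d->size);
    ((char *)buf)[d->size] = '\0';
    *sizeof_buf = d->size;
    return 0;
}

/* Two-call pattern a caller such as a CRQ printer would use: query with a
 * NULL buffer, allocate exactly what was reported, copy. Caller frees. */
char *ex_datum_to_string(const ex_datum_t *d)
{
    size_t len = 12345;                  /* arbitrary on purpose: ignored for a NULL buf */
    if (ex_strdatum_to_buf(d, NULL, &len) != EX_E_SHORT_MEMORY_BUFFER)
        return NULL;
    char *s = malloc(len);
    if (s == NULL)
        return NULL;
    if (ex_strdatum_to_buf(d, s, &len) != 0) {
        free(s);
        return NULL;
    }
    return s;
}

/* Constructed sample input (not taken from the report). */
static const unsigned char ex_sample[] = { 's','e','c','r','e','t','1','2' };
static const ex_datum_t ex_sample_datum = { ex_sample, sizeof ex_sample };

/* Size reported for a NULL buffer, whatever value the caller started with. */
size_t ex_query_size(size_t initial)
{
    size_t n = initial;
    (void)ex_strdatum_to_buf(&ex_sample_datum, NULL, &n);
    return n;
}

/* Return code for a real buffer of the given capacity (capped at 64 bytes). */
int ex_copy_rc(size_t cap)
{
    char tmp[64];
    size_t n = cap > sizeof tmp ? sizeof tmp : cap;
    return ex_strdatum_to_buf(&ex_sample_datum, tmp, &n);
}

/* 1 if the two-call pattern reproduces the sample exactly, else 0. */
int ex_roundtrip_ok(void)
{
    char *s = ex_datum_to_string(&ex_sample_datum);
    int ok = (s != NULL && strcmp(s, "secret12") == 0);
    free(s);
    return ok;
}

int main(void)
{
    printf("NULL buf, size 0  -> required size %zu\n", ex_query_size(0));
    printf("NULL buf, size 7  -> required size %zu\n", ex_query_size(7));
    printf("4-byte buffer     -> rc %d\n", ex_copy_rc(4));
    printf("9-byte buffer     -> rc %d\n", ex_copy_rc(9));
    printf("round trip ok     -> %d\n", ex_roundtrip_ok());
    return ex_roundtrip_ok() ? 0 : 1;
}
```

A regression check for this class of bug is to call the getter once with a NULL buffer and a deliberately nonsensical size and once with a buffer one byte too small; both must return the short-buffer code with the required size, and neither may write anything.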