[gnutls-devel] memcpy problem with RSA-PSK
A. Klitzing
aklitzing at gmail.com
Thu Apr 17 23:31:29 CEST 2014
Hi there!
We implemented a client that used GnuTLS with an RSA-PSK cipher. We're
compiling our binary with the address sanitizer of clang and found that it
will catch a memcpy problem of GnuTLS.
So we tried a little bit and used valgrind, too. It will get the same
stacktrace. The same problem is in gnutls-cli binary with RSA-PSK. So this
cannot be a mistake in our code.
This stacktrace is from valgrind with v3.3.0 of gnutls-cli. You will get
the same in v3.2.4.
Could you look into it? It's really annoying that the address sanitizer will
terminate our binary because of GnuTLS. ;-)
Best regards!
André Klitzing
Used cipher: RSA_PSK_SHA_AES_256_CBC_SHA1
==10822== Invalid write of size 2
==10822== at 0x4C2CD54: memcpy@@GLIBC_2.14 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10822== by 0x4F14C4A: _gnutls_proc_psk_server_kx (psk.c:350)
==10822== by 0x4E7132F: _gnutls_recv_server_kx_message (gnutls_kx.c:452)
==10822== by 0x4E6C3A7: _gnutls_handshake_client
(gnutls_handshake.c:2717)
==10822== by 0x4E6BD21: gnutls_handshake (gnutls_handshake.c:2532)
==10822== by 0x409952: do_handshake (cli.c:1501)
==10822== by 0x408B3E: main (cli.c:1119)
==10822== Address 0x71d8ca0 is 48 bytes inside a block of size 64 free'd
==10822== at 0x4C2999C: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10822== by 0x4F0D674: _gnutls_proc_x509_server_crt (cert.c:1148)
==10822== by 0x4F0E183: _gnutls_proc_crt (cert.c:1369)
==10822== by 0x4E717D3: _gnutls_recv_server_certificate (gnutls_kx.c:634)
==10822== by 0x4E6C1DE: _gnutls_handshake_client
(gnutls_handshake.c:2695)
==10822== by 0x4E6BD21: gnutls_handshake (gnutls_handshake.c:2532)
==10822== by 0x409952: do_handshake (cli.c:1501)
==10822== by 0x408B3E: main (cli.c:1119)
==10822==
==10822== Invalid write of size 1
==10822== at 0x4F14C54: _gnutls_proc_psk_server_kx (psk.c:351)
==10822== by 0x4E7132F: _gnutls_recv_server_kx_message (gnutls_kx.c:452)
==10822== by 0x4E6C3A7: _gnutls_handshake_client
(gnutls_handshake.c:2717)
==10822== by 0x4E6BD21: gnutls_handshake (gnutls_handshake.c:2532)
==10822== by 0x409952: do_handshake (cli.c:1501)
==10822== by 0x408B3E: main (cli.c:1119)
==10822== Address 0x71d8ca4 is 52 bytes inside a block of size 64 free'd
==10822== at 0x4C2999C: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10822== by 0x4F0D674: _gnutls_proc_x509_server_crt (cert.c:1148)
==10822== by 0x4F0E183: _gnutls_proc_crt (cert.c:1369)
==10822== by 0x4E717D3: _gnutls_recv_server_certificate (gnutls_kx.c:634)
==10822== by 0x4E6C1DE: _gnutls_handshake_client
(gnutls_handshake.c:2695)
==10822== by 0x4E6BD21: gnutls_handshake (gnutls_handshake.c:2532)
==10822== by 0x409952: do_handshake (cli.c:1501)
==10822== by 0x408B3E: main (cli.c:1119)
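
An added example, not part of the original post and not GnuTLS code: a small Python parser for a memcheck report like the one above, which re-joins the mail-wrapped lines and pairs the function that made the invalid access with the function that freed the block. The names `unwrap`, `parse` and `summarize` are this example's own, and it also accepts the "after/before a block ... alloc'd" wording memcheck uses for out-of-bounds accesses, which does not occur in this report.

```python
import re

# Excerpt of the first error in the post (frames trimmed), wrapped as in the mail.
SAMPLE = """\
==10822== Invalid write of size 2
==10822== at 0x4C2CD54: memcpy@@GLIBC_2.14 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10822== by 0x4F14C4A: _gnutls_proc_psk_server_kx (psk.c:350)
==10822== Address 0x71d8ca0 is 48 bytes inside a block of size 64 free'd
==10822== at 0x4C2999C: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10822== by 0x4F0D674: _gnutls_proc_x509_server_crt (cert.c:1148)
"""

HDR = re.compile(r"Invalid (read|write) of size (\d+)")
BLOCK = re.compile(r"is (\d+) bytes (inside|after|before) a block of size (\d+) (free'd|alloc'd)")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.+)\)$")

def unwrap(text):
    """Re-join wrapped lines: continuation lines lack the ==PID== prefix."""
    out = []
    for line in filter(str.strip, text.splitlines()):
        if line.startswith("==") or not out:
            out.append(line.strip())
        else:
            out[-1] += " " + line.strip()
    return out

def parse(text):
    """Return one dict per error, with the access stack and the block's stack."""
    errors, stack = [], None
    for line in unwrap(text):
        body = re.sub(r"^==\d+==\s*", "", line)
        if m := HDR.search(body):
            errors.append({"op": m[1], "size": int(m[2]), "access": [], "block": []})
            stack = errors[-1]["access"]
        elif errors and (m := BLOCK.search(body)):
            errors[-1].update(offset=int(m[1]), where=m[2], block_size=int(m[3]), state=m[4])
            stack = errors[-1]["block"]      # frames that follow describe the free/alloc
        elif stack is not None and (m := FRAME.match(body)):
            stack.append((m[1], m[2]))
    return errors

def summarize(err):
    """Classify the error and pick the first frame of each stack with file:line info."""
    src = lambda frames: next((f for f in frames if not f[1].startswith("in ")), None)
    kind = "use-after-free" if err.get("state") == "free'd" else "out-of-bounds"
    return {"kind": kind, "accessed_by": src(err["access"]), "block_event_by": src(err["block"])}

if __name__ == "__main__": print([summarize(e) for e in parse(SAMPLE)])
```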