[gnutls-devel] GnuTLS 3.2.15 SIGSEGV in _gnutls_buffer_append_data

Jaak Ristioja jaak.ristioja at cyber.ee
Tue Dec 16 14:48:21 CET 2014


On 16.12.2014 14:11, Nikos Mavrogiannopoulos wrote:
> That looks like a memory corruption. For these types of errors valgrind
> may give more reliable information than gdb. Could you have a run with
> valgrind?

Unfortunately my minimal test case requires too much memory: Valgrind's
memory manager is unable to allocate this much and exits with a verbose
OOM message.

> The idea is to have a buffer where data can be appended easily and
> quickly.

The code seems to contain a lot of complicated logic for something which
should be rather simple. I don't understand why all the memmove logic is
needed when appending to the buffer.

To work around the valgrind issue, I just wrote a minimal test-case
(sources attached to this e-mail) using the anonymous authentication
examples in the manual. When run, it seems to hit some integer overflow
bug in GnuTLS. I attached the modified examples to this e-mail.

The server outputs:
  Server ready. Listening to port '5556'.
  - connection from 127.0.0.1, port 39196
  - Handshake was completed
  *** Received corrupted data(-110). Closing the connection. The TLS
connection was non-properly terminated

The client outputs:
  - Session info: (TLS1.2)-(ANON-ECDH-SECP192R1)-(ARCFOUR-128)-(SHA1)
  2147482624 GnuTLS fatal error (-2147483648): (unknown error code)
  Aborted

So gnutls_record_send() returns -2147483648 (INT32_MIN). I'm not sure
whether this is related to what I get in my application.

Regards,
Jaak Ristioja
Cybernetica AS
-------------- next part --------------
A non-text attachment was scrubbed...
Name: client.c
Type: text/x-csrc
Size: 4412 bytes
Desc: not available
URL: </pipermail/attachments/20141216/336ec2d7/attachment-0002.c>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: server.c
Type: text/x-csrc
Size: 5782 bytes
Desc: not available
URL: </pipermail/attachments/20141216/336ec2d7/attachment-0003.c>
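
Added illustration, not the attached client.c/server.c and not GnuTLS code: a caller-side send loop that bounds each request and rejects impossible return values, next to a constructed stand-in sender showing how a 2^31-byte request can come back as INT32_MIN when a length passes through a 32-bit signed type. `send_all`, `narrow_send`, `MAX_CHUNK` and `SEND_BOGUS` are hypothetical names, and the narrowing is an assumption about this class of bug, not a diagnosis of the one reported above.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>                  /* ssize_t */

#define MAX_CHUNK  ((size_t)16384)      /* assumed cap per call (hypothetical) */
#define SEND_BOGUS ((ssize_t)-1000000)  /* hypothetical: callee's count is impossible */

/* Same shape as gnutls_record_send(), with the session as an opaque pointer. */
typedef ssize_t (*send_fn)(void *session, const void *data, size_t len);

static size_t largest_request;          /* largest len the stand-in was asked for */

/* Constructed stand-in, not GnuTLS code: a callee whose length goes through a
 * 32-bit signed type, so a request above INT32_MAX comes back as INT32_MIN. */
ssize_t narrow_send(void *session, const void *data, size_t len)
{
    (void)session; (void)data;
    if (len > largest_request) largest_request = len;
    return len > (size_t)INT32_MAX ? (ssize_t)INT32_MIN : (ssize_t)len;
}

/* Send len bytes in calls of at most MAX_CHUNK. Returns 0 on success, the
 * callee's negative code on error, SEND_BOGUS if it claims 0 or > requested.
 * A non-blocking caller would retry on the library's "again" codes instead. */
ssize_t send_all(send_fn fn, void *session, const void *data, size_t len)
{
    const unsigned char *p = data;
    while (len > 0) {
        size_t want = len < MAX_CHUNK ? len : MAX_CHUNK;
        ssize_t got = fn(session, p, want);
        if (got < 0) return got;
        if (got == 0 || (size_t)got > want) return SEND_BOGUS;
        p += got;
        len -= (size_t)got;
    }
    return 0;
}

int main(void)
{
    static unsigned char buf[100000];   /* constructed sample payload */
    printf("one 2^31-byte request: %lld\n",
           (long long)narrow_send(NULL, buf, (size_t)1 << 31));
    largest_request = 0;
    printf("chunked send_all: %lld, largest request %zu\n",
           (long long)send_all(narrow_send, NULL, buf, sizeof buf), largest_request);
    return 0;
}
```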

