[gnutls-devel] Problem with proxied connections on 3.5.3

Andreas Metzler ametzler at bebt.de
Fri Sep 16 19:28:30 CEST 2016


On 2016-08-28 Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> On Fri, Aug 26, 2016 at 7:18 PM, Andreas Metzler <ametzler at bebt.de> wrote:
> > Hello,
> >
> > this is https://bugs.debian.org/835342 reported by
[...]
> Something is wrong there. I don't see any changes in gnutls code that
> could result to it. Could the user bisect since 3.5.2 and try to
> figure out the change that causes that issue? Is there a reproducer?
[...]

Hello,

yes, there is a reproducer, and we now have git bisect:
--------------------------------------------------------------
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835342#49>
Hey there,
After struggling a bit with the process of "bisecting", I think I got
something :).
You can view git bisect log here http://pastebin.com/sj1ZbbqA

c801a15bca9ea8f3f7abd4be48bebd36c54eeba2 is the first bad commit
commit c801a15bca9ea8f3f7abd4be48bebd36c54eeba2
Author: Nikos Mavrogiannopoulos <nmav at redhat.com>
Date:   Mon Aug 1 10:48:46 2016 +0200

    nettle: use rsa_*_key_prepare

    Previously we calculated the size of the key directly, but
    by using the rsa_*_key_prepare we benefit from any checks that
    may be introduced in the future. Specifically any checks for invalid
    public keys (e.g., keys that may crash the underlying gmp functions).

:040000 040000 29a2377df28240d7688082ac12318baacdd1bb7c
23aa890386085677a878268578e9a2c27d396c80 Mlib

It seems the commit "b0d560b" reverts  "c801a15", and commit 186dc9c
breaks it again.

I hope that helps.
--------------------------------------------------------------

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



More information about the Gnutls-devel mailing list