[gnutls-devel] libtasn1 | ASN1.y functions can't be used twice in a process due to global variables (also there is no thread-safety) (#19)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Wed Jul 24 15:43:31 CEST 2019



Tim Rühsen created an issue:


  - there is no global init (or deinit) function for libtasn1 to reset global variables after use
- global variables are accessed without locking -> no thread-safety
- calling asn1_parser2tree()/asn1_delete_structure() can only be done once due to global variable state
- that means fuzzing with libFuzzer is currently now possible

Just for fuzzing, there is a simple solution: adding a asn1_global_init() function to set all global variables to default values.

There yacc options like `%option reentrant`. But I assume that we need a session struct and alloc/free functions to achieve parallel parser operations. I'm not deep enough into yacc/flex to quickly make this up.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/19
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190724/5c927a30/attachment.html>


More information about the Gnutls-devel mailing list