[gnutls-devel] GnuTLS | cve-2019-3829 testcase does not trigger error (#1021)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sun Jun 7 15:03:38 CEST 2020

Andreas Metzler created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1021


the testcase for cve-2019-3829 in tests/cert-tests/invalid-sig does not trigger an error anymore since the certificate expired:
(stretch)ametzler at argenau:/tmp$ certtool --verify-chain --infile /tmp/cve-2019-3829.pem > /dev/null ; echo $?
(stretch)ametzler at argenau:/tmp$ datefudge -s 2020-01-01 certtool --verify-chain --infile /tmp/cve-2019-3829.pem > /dev/null 2>&1 ; echo $?
*** Error in `certtool': double free or corruption (out): 0x0000557141ae3c00 ***
======= Backtrace: =========
7fff4e9c9000-7fff4e9cb000 r-xp 00000000 00:00 0                          [vdso]

cu Andreas

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1021
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200607/5025eb72/attachment.html>

More information about the Gnutls-devel mailing list