[gnutls-devel] GnuTLS | cve-2019-3829 testcase does not trigger error (#1021)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sun Jun 7 15:03:38 CEST 2020



Andreas Metzler created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1021



Hello,

the testcase for cve-2019-3829 in tests/cert-tests/invalid-sig does not trigger an error anymore since the certificate expired:
~~~
(stretch)ametzler at argenau:/tmp$ certtool --verify-chain --infile /tmp/cve-2019-3829.pem > /dev/null ; echo $?
1
(stretch)ametzler at argenau:/tmp$ datefudge -s 2020-01-01 certtool --verify-chain --infile /tmp/cve-2019-3829.pem > /dev/null 2>&1 ; echo $?
*** Error in `certtool': double free or corruption (out): 0x0000557141ae3c00 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x70bfb)[0x7f5b86fd8bfb]
[...]
7fff4e9c9000-7fff4e9cb000 r-xp 00000000 00:00 0                          [vdso]
Aborted
134
~~~

cu Andreas

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1021
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200607/5025eb72/attachment.html>


More information about the Gnutls-devel mailing list