[gnutls-devel] GnuTLS | Null pointer dereference in MD_UPDATE (#1306)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri Dec 17 15:31:26 CET 2021



zhengxiong luo created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1306



## Description of problem:

When gnutls is built with guile disabled, a null pointer may be passed to `memcpy` as argument 2, causing a null pointer dereference.



## How to reproduce:

You can easily reproduce this issue:

* Build gnutls with UBSan:

```shell
CC=clang CXX=clang++ CFLAGS="-fsanitize=undefined -g" CXXFLAGS="-fsanitize=undefined -g" ./bootstrap
CC=clang CXX=clang++ CFLAGS="-fsanitize=undefined -g" CXXFLAGS="-fsanitize=undefined -g" ./configure --disable-guile --disable-doc
CC=clang CXX=clang++ CFLAGS="-fsanitize=undefined -g" CXXFLAGS="-fsanitize=undefined -g"  make
```

* Run server:

```shell
./gnutls/src/.libs/gnutls-serv -p 7834 -d 9999
```

* Run client:

```shell
$ UBSAN_OPTIONS=print_stacktrace=1 LD_LIBRARY_PATH="../../lib/.libs:/usr/lib64"  ./gnutls-cli -p 7834 localhost --pskusername psk_identity --pskkey 88f3824b3e5659f52d00e959bacab954b6540344 --priority NORMAL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK
```

Then the program will crash with the following log:

```shell
Processed 128 CA certificate(s).
Resolving 'localhost:7834'...
Connecting to '127.0.0.1:7834'...
sha256.c:100:3: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:44:28: note: nonnull attribute specified here
    #0 0x7f9a7c53f146 in nettle_sha256_update /root/projects/bleem/nettle-3.6/sha256.c:100:3
    #1 0x7f9a7d935f7d in wrap_nettle_hash_fast /root/projects/bleem/gnutls/lib/nettle/mac.c:791:2
    #2 0x7f9a7d2bc1fd in _gnutls_hash_fast /root/projects/bleem/gnutls/lib/hash_int.c:141:8
    #3 0x7f9a7d3b8faa in gnutls_hash_fast /root/projects/bleem/gnutls/lib/crypto-api.c:690:9
    #4 0x7f9a7d455ee2 in _tls13_derive_secret2 /root/projects/bleem/gnutls/lib/secrets.c:98:8
    #5 0x7f9a7d7ed3d0 in compute_binder_key /root/projects/bleem/gnutls/lib/ext/pre_shared_key.c:86:8
    #6 0x7f9a7d7ebec1 in compute_psk_binder /root/projects/bleem/gnutls/lib/ext/pre_shared_key.c:170:8
    #7 0x7f9a7d7f18af in client_send_params /root/projects/bleem/gnutls/lib/ext/pre_shared_key.c:486:9
    #8 0x7f9a7d7e4820 in _gnutls_psk_send_params /root/projects/bleem/gnutls/lib/ext/pre_shared_key.c:797:10
    #9 0x7f9a7d2df26b in hello_ext_send /root/projects/bleem/gnutls/lib/hello_ext.c:369:8
    #10 0x7f9a7d45aa69 in _gnutls_extv_append /root/projects/bleem/gnutls/lib/extv.c:218:8
    #11 0x7f9a7d2dd41a in _gnutls_gen_hello_extensions /root/projects/bleem/gnutls/lib/hello_ext.c:437:9
    #12 0x7f9a7d261e96 in send_client_hello /root/projects/bleem/gnutls/lib/handshake.c:2342:8
    #13 0x7f9a7d23c6db in handshake_client /root/projects/bleem/gnutls/lib/handshake.c:3043:9
    #14 0x7f9a7d23b47f in gnutls_handshake /root/projects/bleem/gnutls/lib/handshake.c:2873:10
    #15 0x4df28d in do_handshake /root/projects/bleem/gnutls/src/cli.c:1837:9
    #16 0x4ff797 in socket_open2 /root/projects/bleem/gnutls/src/socket.c:602:10
    #17 0x4d3f43 in main /root/projects/bleem/gnutls/src/cli.c:1363:2
    #18 0x7f9a7ca310b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #19 0x42127d in _start (/root/projects/bleem/gnutls/src/.libs/gnutls-cli+0x42127d)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior sha256.c:100:3 in
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [40]: Handshake failed
```



Here is the debug information:

```shell
$ UBSAN_OPTIONS=print_stacktrace=1 LD_LIBRARY_PATH="./gnutls/lib/.libs:/usr/lib64" gdb --args ./gnutls-cli -p 7834 localhost --pskusername psk_identity --pskkey 88f3824b3e5659f52d00e959bacab954b6540344 --priority NORMAL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK 127.0.0.1
GNU gdb (Ubuntu 9.2-0ubuntu1~20.04) 9.2
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./gnutls-cli...
(gdb) b /root/projects/bleem/nettle-3.6/sha256.c:100
No source file named /root/projects/bleem/nettle-3.6/sha256.c.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (/root/projects/bleem/nettle-3.6/sha256.c:100) pending.
(gdb) r
Starting program: /root/projects/bleem/gnutls/src/.libs/gnutls-cli -p 7834 localhost --pskusername psk_identity --pskkey 88f3824b3e5659f52d00e959bacab954b6540344 --priority NORMAL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK 127.0.0.1
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1"..
Processed 128 CA certificate(s).
Resolving 'localhost:7834'...
Connecting to '127.0.0.1:7834'...

Breakpoint 1, nettle_sha256_update (ctx=0x7fffffff5620, length=64,
    data=0x7fffffff52a0 '\\' <repeats 64 times>, "\301\315\001\202\214q\250") at sha256.c:100
100     sha256.c
(gdb) c
Continuing.

Breakpoint 1, nettle_sha256_update (ctx=0x7fffffff5690, length=64,
    data=0x7fffffff52a0 '6' <repeats 64 times>, "\301\315\001\202\214q\250") at sha256.c:100
100     in sha256.c
(gdb)
Continuing.

Breakpoint 1, nettle_sha256_update (ctx=0x7fffffff5700, length=20, data=0x603000029830 "\210\363\202K>VY\365-")
    at sha256.c:100
100     in sha256.c
(gdb)
Continuing.

Breakpoint 1, nettle_sha256_update (ctx=0x7fffffff5700, length=32,
    data=0x7fffffff53c0 "\224(\204\365\362W\002\331\327+\200\250\257\234\017\256m8(q5\267\200x\236\332<\023\004\305\067X") at sha256.c:100
100     in sha256.c
(gdb)
Continuing.

Breakpoint 1, nettle_sha256_update (ctx=0x7fffffff6720, length=0, data=0x0) at sha256.c:100
100     in sha256.c
(gdb)
Continuing.
sha256.c:100:3: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:44:28: note: nonnull attribute specified here
[Detaching after fork from child process 3176009]
    #0 0x7ffff6799146 in nettle_sha256_update /root/projects/bleem/nettle-3.6/sha256.c:100:3
    #1 0x7ffff7b8ff7d in wrap_nettle_hash_fast /root/projects/bleem/gnutls/lib/nettle/mac.c:791:2
    #2 0x7ffff75161fd in _gnutls_hash_fast /root/projects/bleem/gnutls/lib/hash_int.c:141:8
    #3 0x7ffff7612faa in gnutls_hash_fast /root/projects/bleem/gnutls/lib/crypto-api.c:690:9
    #4 0x7ffff76afee2 in _tls13_derive_secret2 /root/projects/bleem/gnutls/lib/secrets.c:98:8
    #5 0x7ffff7a473d0 in compute_binder_key /root/projects/bleem/gnutls/lib/ext/pre_shared_key.c:86:8
    #6 0x7ffff7a45ec1 in compute_psk_binder /root/projects/bleem/gnutls/lib/ext/pre_shared_key.c:170:8
    #7 0x7ffff7a4b8af in client_send_params /root/projects/bleem/gnutls/lib/ext/pre_shared_key.c:486:9
    #8 0x7ffff7a3e820 in _gnutls_psk_send_params /root/projects/bleem/gnutls/lib/ext/pre_shared_key.c:797:10
    #9 0x7ffff753926b in hello_ext_send /root/projects/bleem/gnutls/lib/hello_ext.c:369:8
    #10 0x7ffff76b4a69 in _gnutls_extv_append /root/projects/bleem/gnutls/lib/extv.c:218:8
    #11 0x7ffff753741a in _gnutls_gen_hello_extensions /root/projects/bleem/gnutls/lib/hello_ext.c:437:9
    #12 0x7ffff74bbe96 in send_client_hello /root/projects/bleem/gnutls/lib/handshake.c:2342:8
    #13 0x7ffff74966db in handshake_client /root/projects/bleem/gnutls/lib/handshake.c:3043:9
    #14 0x7ffff749547f in gnutls_handshake /root/projects/bleem/gnutls/lib/handshake.c:2873:10
    #15 0x4df28d in do_handshake /root/projects/bleem/gnutls/src/cli.c:1837:9
    #16 0x4ff797 in socket_open2 /root/projects/bleem/gnutls/src/socket.c:602:10
    #17 0x4d3f43 in main /root/projects/bleem/gnutls/src/cli.c:1363:2
    #18 0x7ffff6c8b0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #19 0x42127d in _start (/root/projects/bleem/gnutls/src/.libs/gnutls-cli+0x42127d)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior sha256.c:100:3 in

Breakpoint 1, nettle_sha256_update (ctx=0x7fffffff5240, length=64,
    data=0x7fffffff4ec0 "\310:\216\341j\177\224\020ݚqs\225\372\tV\230\357\242$*\271\003\026\\\234nȓ\343]\231", '\\' <repeats 32 times>, "\001") at sha256.c:100
100     in sha256.c
```
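The last breakpoint before the sanitizer report shows `nettle_sha256_update` entered with `length=0, data=0x0`: the hash layer was handed an empty input as a NULL pointer and forwarded it to a `memcpy` whose source argument is declared nonnull. As an added illustration (not GnuTLS or nettle code), the block below is a block-buffering hash update with the same shape, with the guard that keeps a zero-length update from reaching `memcpy` with a NULL source; `md_ctx`, `md_update` and the stubbed `compress` are made up for this example, and the explicit rejection of `length > 0` with NULL data is an extra defensive check, not something the report describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed example, not GnuTLS or nettle code: a block-buffering hash
 * update with the shape seen in the stack trace, plus a zero-length guard. */
#define BLOCK_SIZE 64

typedef struct {
    uint8_t block[BLOCK_SIZE];
    size_t index;        /* bytes currently buffered in block[] */
    size_t blocks_done;  /* full blocks handed to compress() */
} md_ctx;

/* Stand-in for the real compression function; it only counts blocks. */
static void compress(md_ctx *ctx, const uint8_t *blk) { (void)blk; ctx->blocks_done++; }

/* Returns 0 on success, -1 when length > 0 arrives without a data pointer. */
int md_update(md_ctx *ctx, size_t length, const uint8_t *data)
{
    if (length == 0)
        return 0;   /* empty update: nothing to copy, a NULL data pointer is fine */
    if (data == NULL)
        return -1;  /* length > 0 with NULL data is a caller bug; fail loudly */
    if (ctx->index) {                 /* top up a partially filled block */
        size_t left = BLOCK_SIZE - ctx->index;
        if (length < left) {
            memcpy(ctx->block + ctx->index, data, length);
            ctx->index += length;
            return 0;
        }
        memcpy(ctx->block + ctx->index, data, left);
        compress(ctx, ctx->block);
        data += left;
        length -= left;
        ctx->index = 0;
    }
    while (length >= BLOCK_SIZE) {    /* whole blocks straight from the input */
        compress(ctx, data);
        data += BLOCK_SIZE;
        length -= BLOCK_SIZE;
    }
    /* Without the length == 0 return above, an update(ctx, 0, NULL) reaches
     * this memcpy with data == NULL, which is what UBSan flagged in the report. */
    memcpy(ctx->block, data, length);
    ctx->index = length;
    return 0;
}
```

With the guard in place, the `(NULL, 0)` call that the trace shows arriving from the empty-context derivation step becomes a no-op instead of an undefined `memcpy`.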
