[gnutls-devel] GnuTLS | Use custom allocators for GMP to make sure temporary secrets (41c9c845)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Sat Aug 20 16:38:41 CEST 2022




Luke D'Alessandro started a new discussion on lib/nettle/init.c: https://gitlab.com/gnutls/gnutls/-/commit/41c9c845a342359327403431050d3458246896af#note_1071304858

> +
> +	/* Check if non-default allocators are being used.
> +	 * Some applications like guile override GMP allocators
> +	 * with GC capable alternatives. Do nothing if this is
> +	 * the case.
> +	 */
> +	mp_get_memory_functions(&allocfunc, &reallocfunc, &freefunc);
> +	mp_set_memory_functions(NULL, NULL, NULL);
> +	mp_get_memory_functions(&defallocfunc, &defreallocfunc, &deffreefunc);
> +	if (reallocfunc != defreallocfunc || freefunc != deffreefunc) {
> +		mp_set_memory_functions(allocfunc, reallocfunc, freefunc);
> +		return (0);
> +	}
> +
> +	/* Overload GMP allocators with safe alternatives */
> +	mp_set_memory_functions(NULL, gnutls_realloc_zero, gnutls_free_zero);

This causes a segfault during `__run_exit_handlers` if `libgnutls.so` is unloaded before GMP tries to free memory. See issue 1398. I think gnutls needs to at least store the previous functions and restore them as part of `gnutls_crypto_deinit()`. Assuming this gets called prior to `exit()` it will avoid the issue.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/commit/41c9c845a342359327403431050d3458246896af#note_1071304858
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20220820/672044ab/attachment-0001.html>


More information about the Gnutls-devel mailing list