[gnutls-devel] GnuTLS | gnutls-cli crashes with segfault in mingw (#1446)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri Jan 6 21:33:06 CET 2023
Biswapriyo Nath created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1446
## Description of problem:

gnutls-cli command crashes with segmentation fault.

## Version of gnutls used:

3.7.8

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

* Windows 10 build 19045
* msys2/mingw-w64
* gcc version 12.2.0 targeting x86_64-w64-mingw32
* Build command can be found in this file https://github.com/msys2/MINGW-packages/blob/master/mingw-w64-gnutls/PKGBUILD
* With some patches from here https://github.com/msys2/MINGW-packages/tree/master/mingw-w64-gnutls

## How reproducible:

Steps to Reproduce:

 * Run this command after compiling: `gnutls-cli -d 1 imap.gmail.com -p 993`

## Actual results:

gnutls-cli command crashes with segmentation fault.

* Here is the output:

```
$ ./ucrt64/bin/gnutls-cli -d 1 imap.gmail.com -p 993
|<1>| There was a non-CA certificate in the trusted list: CN=y.
|<1>| There was a non-CA certificate in the trusted list: OU=Copyright (c) 1997 Microsoft Corp.,OU=Microsoft Corporation
,CN=Microsoft Root Authority.
|<1>| There was a non-CA certificate in the trusted list: C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority.
|<1>| There was a non-CA certificate in the trusted list: CN=DESKTOP-IEGKK8M.
|<1>| There was a non-CA certificate in the trusted list: CN=Root Agency.
Processed 37 CA certificate(s).
Resolving 'imap.gmail.com:993'...
Connecting to '172.217.194.109:993'...
Segmentation fault
```

* Here is the backtrace from gdb:

```
Thread 1 received signal SIGSEGV, Segmentation fault.
0x00007ff6eed016da in system_write (ptr=0x3, data=0x223b158940b, data_size=396) at ../../gnutls-3.7.8/src/common.h:128
128             return send(hd->fd, data, data_size, 0);
(gdb) bt
#0  0x00007ff6eed016da in system_write (ptr=0x3, data=0x223b158940b, data_size=396) at ../../gnutls-3.7.8/src/common.h:128
#1  0x00007ffeb4445c59 in _gnutls_writev_emu (session=0x223b15844b0, fd=0x3, giovec=0xbb28ffcc90, giovec_cnt=1, vec=0) at ../../gnutls-3.7.8/lib/buffers.c:450
#2  0x00007ffeb4445e4d in _gnutls_writev (session=0x223b15844b0, giovec=0xbb28ffcc90, giovec_cnt=1, total=396) at ../../gnutls-3.7.8/lib/buffers.c:506
#3  0x00007ffeb4446622 in _gnutls_io_write_flush (session=0x223b15844b0) at ../../gnutls-3.7.8/lib/buffers.c:700
#4  0x00007ffeb4446db0 in _gnutls_handshake_io_write_flush (session=0x223b15844b0) at ../../gnutls-3.7.8/lib/buffers.c:839
#5  0x00007ffeb444da0d in _gnutls_send_handshake2 (session=0x223b15844b0, bufel=0x223b1588210, type=GNUTLS_HANDSHAKE_CLIENT_HELLO, queue_only=0) at ../../gnutls-3.7.8/lib/handshake.c:1450
#6  0x00007ffeb444d4ed in _gnutls_send_handshake (session=0x223b15844b0, bufel=0x223b1588210, type=GNUTLS_HANDSHAKE_CLIENT_HELLO) at ../../gnutls-3.7.8/lib/handshake.c:1287
#7  0x00007ffeb4451026 in send_client_hello (session=0x223b15844b0, again=0) at ../../gnutls-3.7.8/lib/handshake.c:2357
#8  0x00007ffeb4452a05 in handshake_client (session=0x223b15844b0) at ../../gnutls-3.7.8/lib/handshake.c:3052
#9  0x00007ffeb445248c in gnutls_handshake (session=0x223b15844b0) at ../../gnutls-3.7.8/lib/handshake.c:2884
#10 0x00007ff6eed055bd in do_handshake (rpl_socket=0xbb28ffe700) at ../../gnutls-3.7.8/src/cli.c:1855
#11 0x00007ff6eed0c79c in socket_open2 (hd=0xbb28ffe700, hostname=0x223af8851b0 "imap.gmail.com", service=0x7ff6eed35080 <service> "993", app_proto=0x0, flags=64, msg=0x7ff6eed2893b "Connecting to", rdata=0x0, edata=0x0, server_trace=0x0, client_trace=0x0) at ../../gnutls-3.7.8/src/socket.c:602
#12 0x00007ff6eed04347 in main (argc=6, argv=0x223af8729f0) at ../../gnutls-3.7.8/src/cli.c:1371
```

## Expected results:

After reverting the src/common.h hunk from this commit https://gitlab.com/gnutls/gnutls/-/commit/20f993aca3c08a779cd350bf2093d01a6309a32e, the program works as expected.

* Here is the correct output:

```
$ ./ucrt64/bin/gnutls-cli -d 1 imap.gmail.com -p 993
|<1>| There was a non-CA certificate in the trusted list: CN=y.
|<1>| There was a non-CA certificate in the trusted list: OU=Copyright (c) 1997 Microsoft Corp.,OU=Microsoft Corporation
,CN=Microsoft Root Authority.
|<1>| There was a non-CA certificate in the trusted list: C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority.
|<1>| There was a non-CA certificate in the trusted list: CN=DESKTOP-IEGKK8M.
|<1>| There was a non-CA certificate in the trusted list: CN=Root Agency.
Processed 37 CA certificate(s).
Resolving 'imap.gmail.com:993'...
Connecting to '172.217.194.109:993'...
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
...
...
goes on...
```

Previously reported here https://github.com/msys2/MINGW-packages/issues/14739
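Frame #0 of the backtrace shows `system_write` receiving `ptr=0x3`, the same value frame #1 passes as `fd=0x3`, and then dereferencing it as `hd->fd`: the transport pointer registered with the session is a bare descriptor while the push callback expects a pointer to the client's socket structure. The following C example is added here and is not GnuTLS or gnutls-cli code; it models that transport-pointer/push-callback contract with mock names (`transport_ptr_t`, `struct socket_st`, `mock_send`) to show the two conventions, why they must be installed as a pair, and a debug guard that turns the mismatch into an error return instead of a fault.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/* Mock of the transport contract; names are illustrative, not the library's. */
typedef void *transport_ptr_t;
typedef ssize_t (*push_func_t)(transport_ptr_t ptr, const void *data, size_t size);
struct session { transport_ptr_t ptr; push_func_t push; };
struct socket_st { int fd; const char *hostname; };   /* stand-in for gnutls-cli's socket_st */

static int last_fd = -1;                               /* records which fd the mock "send" used */
static ssize_t mock_send(int fd, const void *data, size_t n) { (void)data; last_fd = fd; return (ssize_t)n; }

/* Convention A: the transport pointer *is* the descriptor (what gnutls_transport_set_int() stores). */
static ssize_t push_from_int(transport_ptr_t p, const void *d, size_t n) {
    return mock_send((int)(intptr_t)p, d, n);
}

/* Convention B: the transport pointer addresses the caller's socket_st, like system_write's hd->fd. */
static ssize_t push_from_struct(transport_ptr_t p, const void *d, size_t n) {
    if ((uintptr_t)p < 4096) {   /* a small integer can't be a live object: an fd smuggled in as a pointer */
        errno = EINVAL;          /* refuse instead of faulting on hd->fd */
        return -1;
    }
    return mock_send(((const struct socket_st *)p)->fd, d, n);
}

/* Install pointer and callback together so one cannot drift from the other. */
static void install_int_transport(struct session *s, int fd) {
    s->ptr = (transport_ptr_t)(intptr_t)fd;  s->push = push_from_int;
}
static void install_struct_transport(struct session *s, struct socket_st *hd) {
    s->ptr = hd;  s->push = push_from_struct;
}
static ssize_t io_write_flush(const struct session *s, const void *d, size_t n) { return s->push(s->ptr, d, n); }

int main(void) {
    struct session s; struct socket_st hd = { 7, "imap.gmail.com" };   /* constructed sample */
    install_struct_transport(&s, &hd);
    printf("struct transport: rc=%zd fd=%d\n", io_write_flush(&s, "x", 1), last_fd);  /* rc=1 fd=7 */
    install_int_transport(&s, 3);
    printf("int transport:    rc=%zd fd=%d\n", io_write_flush(&s, "x", 1), last_fd);  /* rc=1 fd=3 */
    s.push = push_from_struct;               /* the pairing seen in frame #0: ptr=0x3, struct-expecting push */
    printf("mismatch:         rc=%zd\n", io_write_flush(&s, "x", 1));                 /* rc=-1, not SIGSEGV */
    return 0;
}
```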
