[gnutls-devel] GnuTLS | gnutls_privkey_decrypt_data frees output argument in some conditions (#1535)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Sun Mar 24 21:03:42 CET 2024

Adrien Béraud created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1535

We were previously using `gnutls_privkey_decrypt_data` this way:

    gnutls_datum_t out;
    int err = gnutls_privkey_decrypt_data(key, 0, &dat, &out);

as the documentation for `gnutls_privkey_decrypt_data` makes no requirement for `out`.

However, since the last release, 3.8.4, this would cause a crash when the decryption fails, because `gnutls_privkey_decrypt_data` would attempt to free the buffer pointed to by `out`, resulting in occasional crashes since `out` is uninitialized and might point to random values.

This can be easily fixed by initializing `out` to a null pointer,
however I believe this is a GnuTLS bug because [the documentation](https://gnutls.org/reference/gnutls-abstract.html#gnutls-privkey-decrypt-data) specifies `plaintext` (`out`) as an output-only argument.

Best regards

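The caller-side workaround mentioned in the report, next to a wrapper that enforces an output-only contract, as an added example that is not part of the original post and is not GnuTLS code. `datum_t` and all three functions are hypothetical stand-ins that model the behaviour the report describes; the "decryption" is a plain copy and an empty input is the constructed failure case.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in for gnutls_datum_t; all code here is a constructed model. */
typedef struct { unsigned char *data; unsigned int size; } datum_t;

/* Hypothetical callee modelling the reported behaviour: on failure it
 * frees whatever out->data already holds. */
int decrypt_frees_on_error(const datum_t *in, datum_t *out)
{
    if (in->size == 0) {              /* constructed failure condition */
        free(out->data);              /* safe only if NULL or a heap pointer */
        out->data = NULL;
        out->size = 0;
        return -1;
    }
    out->data = malloc(in->size);
    if (out->data == NULL)
        return -1;
    memcpy(out->data, in->data, in->size);  /* "decryption" is a plain copy */
    out->size = in->size;
    return 0;
}

/* Caller-side workaround from the report: initialise before the call. */
int caller_workaround(const datum_t *in, unsigned int *plain_len)
{
    datum_t out = { NULL, 0 };        /* free(NULL) is a no-op */
    int err = decrypt_frees_on_error(in, &out);
    *plain_len = out.size;
    free(out.data);
    return err;
}

/* Callee-side wrapper giving an output-only contract: it never reads
 * *out and publishes a result only on success. */
int decrypt_output_only(const datum_t *in, datum_t *out)
{
    datum_t tmp = { NULL, 0 };
    int err = decrypt_frees_on_error(in, &tmp);
    out->data = (err == 0) ? tmp.data : NULL;
    out->size = (err == 0) ? tmp.size : 0;
    return err;
}
```

With the wrapper, a caller that passes an uninitialised `datum_t` is safe on both paths, because the stale pointer value is overwritten without ever being read or freed.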
