<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en" style='--code-editor-font: var(--default-mono-font, "GitLab Mono"), JetBrains Mono, Menlo, DejaVu Sans Mono, Liberation Mono, Consolas, Ubuntu Mono, Courier New, andale mono, lucida console, monospace;'>
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>

<style data-premailer="ignore" type="text/css">
a { color: #1068bf; }
</style>

<style>img {
max-width: 100%; height: auto;
}
body {
font-size: 0.875rem;
}
body {
-webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px;
}
body {
font-family: var(--default-regular-font, "GitLab Sans"),-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"; font-size: inherit;
}
</style>
</head>
<body style='font-size: inherit; -webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px; font-family: var(--default-regular-font, "GitLab Sans"),-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";'>
<div class="content">

<p class="details" style="font-style: italic; color: #737278;">
<a href="https://gitlab.com/yixiangzhike">yixiangzhike yixiangzhike</a> created an issue: <a href="https://gitlab.com/gnutls/gnutls/-/issues/1527">#1527</a>
</p>
<div class="md" style="color: #333238; word-wrap: break-word;">
<p dir="auto" style="color: #333238; margin: 0 0 16px;" align="initial">certtool dumps core when it is used to verify a PEM-encoded certificate chain with more than 16 certificates.</p>
<p dir="auto" style="color: #333238; margin: 0 0 16px;" align="initial">Steps to Reproduce:
<code style='font-size: 0.875rem; color: #1f1e24; word-wrap: break-word; background-color: #ececef; border-radius: 4px; margin-top: 0; font-weight: inherit; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; white-space: pre-wrap; overflow-wrap: break-word; word-break: keep-all; padding: 2px 4px;'># certtool --infile=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem -e</code></p>
<p dir="auto" style="color: #333238; margin: 0 0 16px;" align="initial">The stacks:</p>
<pre style="margin: 0 0 16px; white-space: pre-wrap;"><code style='font-size: 0.875rem; color: #1f1e24; background-color: #ececef; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace;'>Reading symbols from certtool...
Reading symbols from /usr/lib/debug//usr/bin/certtool-3.8.0-3.x86_64.debug...
[New LWP 113834]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib64/libthread_db.so.1".
Core was generated by `certtool --infile=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem -e'.
Program terminated with signal SIGABRT, Aborted.
#0  __pthread_kill_implementation (threadid=, signo=signo@entry=6, no_tid=no_tid@entry=0)
    at pthread_kill.c:44
44            return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO (ret) : 0;
(gdb) bt
#0  __pthread_kill_implementation (threadid=, signo=signo@entry=6, no_tid=no_tid@entry=0)
    at pthread_kill.c:44
#1  0x00007fe0c54fdf53 in __pthread_kill_internal (signo=6, threadid=) at pthread_kill.c:78
#2  0x00007fe0c54b1d56 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007fe0c549d197 in __GI_abort () at abort.c:79
#4  0x00007fe0c54f2037 in __libc_message (action=action@entry=do_abort,
    fmt=fmt@entry=0x7fe0c562b5d9 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
#5  0x00007fe0c558dd3a in __GI___fortify_fail (msg=msg@entry=0x7fe0c562b57f "buffer overflow detected")
    at fortify_fail.c:26
#6  0x00007fe0c558c656 in __GI___chk_fail () at chk_fail.c:28
#7  0x00007fe0c5c5bebd in memcpy (__len=1160, __src=0x555bd8056110, __dest=0x7ffdcaec35a0)
    at /usr/include/bits/string_fortified.h:29
#8  gnutls_x509_trust_list_verify_crt2 (list=0x555bd80548d0, cert_list=0x555bd8056110, cert_list_size=145,
    data=data@entry=0x0, elements=elements@entry=0, flags=4, voutput=0x7ffdcaec3758,
    func=0x555bd61b2190 &lt;detailed_verification&gt;) at verify-high.c:1475
#9  0x00007fe0c5c5cdc5 in gnutls_x509_trust_list_verify_crt (list=, cert_list=,
    cert_list_size=, flags=, voutput=, func=)
    at verify-high.c:1337
#10 0x0000555bd61b2dd5 in _verify_x509_mem (cert=0x7fe0c52bc010, cert_size=223196, cinfo=,
    use_system_trust=, purpose=0x0, hostname=0x0, email=0x0) at certtool.c:2496
#11 0x0000555bd61b771f in verify_certificate (cinfo=) at certtool.c:2584
#12 cmd_parser (argc=, argv=) at certtool.c:1493
#13 0x0000555bd61b084a in main (argc=3, argv=0x7ffdcaec3b88) at certtool.c:131
(gdb) f 8
#8  gnutls_x509_trust_list_verify_crt2 (list=0x555bd80548d0, cert_list=0x555bd8056110, cert_list_size=145,
    data=data@entry=0x0, elements=elements@entry=0, flags=4, voutput=0x7ffdcaec3758,
    func=0x555bd61b2190 &lt;detailed_verification&gt;) at verify-high.c:1475
1475            <strong style="font-weight: bold;">memcpy</strong>(<strong style="font-weight: bold;">sorted</strong>, cert_list, <strong style="font-weight: bold;">cert_list_size</strong> * sizeof(gnutls_x509_crt_t));
(gdb) p cert_list_size
$1 = <strong style="font-weight: bold;">145</strong>
(gdb) ptype <strong style="font-weight: bold;">sorted</strong>
type = struct gnutls_x509_crt_int {
    asn1_node cert;
    int use_extensions;
    unsigned int expanded;
    unsigned int modified;
    unsigned int flags;
    struct pin_info_st pin;
    gnutls_datum_t raw_dn;
    gnutls_datum_t raw_issuer_dn;
    gnutls_datum_t raw_spki;
    gnutls_datum_t der;
    gnutls_subject_alt_names_t san;
    gnutls_subject_alt_names_t ian;
    gnutls_x509_dn_st dn;
    gnutls_x509_dn_st idn;
} *[<strong style="font-weight: bold;">16</strong>]
(gdb)</code></pre>
<p dir="auto" style="color: #333238; margin: 0;" align="initial">A check of cert_list_size is missing in the function gnutls_x509_trust_list_verify_crt2 in the commit <a href="https://gitlab.com/gnutls/gnutls/-/commit/ebb19db9165fed30d73c83bab1b1b8740c132dfd#354f9842fb374676880f1b9cfcbb4c28abe5b38f_1314_1376" data-reference-type="commit" data-original="x509: rework issuer callback " data-link="true" data-link-reference="true" data-project="179611" data-commit="ebb19db9165fed30d73c83bab1b1b8740c132dfd" data-container="body" data-placement="top" title="x509: rework issuer callback" class="gfm gfm-commit has-tooltip" style='font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; font-variant-ligatures: none; font-size: 95%; margin-top: 0;'>x509: rework issuer callback </a>.</p>
</div>

</div>
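<p>An added example, not part of the original issue and not GnuTLS code: a self-contained C model of the copy at the crash site, with a length check placed before the <code>memcpy</code>. The names <code>struct crt_int</code>, <code>copy_len</code>, <code>verify_chain_model</code>, <code>run_with_chain</code> and <code>ERR_CHAIN_TOO_LONG</code> are hypothetical; the array capacity of 16 and the chain length of 145 are taken from the gdb output above.</p>

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for gnutls_x509_crt_t, which is a pointer type. */
struct crt_int { int id; };
typedef struct crt_int *crt_t;

#define SORTED_CAP 16            /* size of `sorted` in the ptype output: *[16] */
#define ERR_CHAIN_TOO_LONG (-1)  /* hypothetical error code for this model */

/* Bytes the memcpy at the crash site would write for a chain of n certs. */
static size_t copy_len(size_t n) { return n * sizeof(crt_t); }

/* Model of the verify path with the bounds check the report says is missing.
 * Returns the number of certificates copied, or ERR_CHAIN_TOO_LONG. */
static int verify_chain_model(const crt_t *cert_list, size_t cert_list_size)
{
    crt_t sorted[SORTED_CAP];    /* fixed-size stack array, as in the report */
    int copied = 0;

    if (cert_list_size > SORTED_CAP)   /* reject before touching `sorted` */
        return ERR_CHAIN_TOO_LONG;

    memcpy(sorted, cert_list, copy_len(cert_list_size));
    for (size_t i = 0; i < cert_list_size; i++)
        if (sorted[i] != NULL)
            copied++;
    return copied;
}

/* Constructed input: a chain of n distinct dummy certificates (n <= 145). */
static int run_with_chain(size_t n)
{
    static struct crt_int store[145];
    crt_t list[145];
    for (size_t i = 0; i < n; i++)
        list[i] = &store[i];
    return verify_chain_model(list, n);
}

int main(void)
{
    printf("copy of 145 certs needs %zu bytes, sorted holds %zu\n",
           copy_len(145), sizeof(crt_t[SORTED_CAP]));
    printf("16 certs  -> %d\n", run_with_chain(16));
    printf("145 certs -> %d\n", run_with_chain(145));
    return 0;
}
```

<p>With 8-byte pointers, <code>copy_len(145)</code> is 1160, the <code>__len</code> value in frame #7, while the destination array holds 128 bytes.</p>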
</body>
</html>