[Help-gnutls] segfault in internal function
Regit
regit at inl.fr
Wed Apr 27 17:46:32 CEST 2005
Hi,
Sorry to be so noisy today but it seems that gnutls_assert is not a quit
function.
Thus we really do
ciphertext.data[-1]
in file gnutls_cipher.c:453 under the bad condition detailed below.
BR,
On Wednesday 27 April 2005 at 16:32 +0200, Eric Leblond wrote:
> Hi,
>
> The problem is here but it is quite weird:
>
> for (i = 2; i < pad; i++) {
>     if (ciphertext.data[ciphertext.size - i] != ciphertext.data[ciphertext.size - 1])
> }
>
> But at crash time I've got (taken from gdb):
> pad = 148 '\224'
> i = 129
> ciphertext.size = 128
>
> so it tries to do:
> ciphertext.data[-1]
>
> It crashes there, but the problem is that prior to this there is:
>
> if (pad > ciphertext.size - hash_size) {
> gnutls_assert();
> /* We do not fail here. We check below for the
> * the pad_failed. If zero means success.
> */
> pad_failed = GNUTLS_E_DECRYPTION_FAILED;
> }
>
> So we could not be here.
>
> It seems we've got some concurrent accesses or modifications of data in
> ciphertext.
>
> What do you think of this? Could this come from my code?
>
>
> > Hi,
> >
> > I'm writing back on this thread because my investigations bring me to a
> > point where I found the point where the crash occurs (using
> > gnutls-1.0.24).
> >
> > In a gdb session I've got:
> >
> > Program received signal SIGSEGV, Segmentation fault.
> > [Switching to Thread 1384118640 (LWP 22734)]
> > 0x00002aaaab1f8bf8 in _gnutls_ciphertext2compressed (session=0x5efea0, compress_data=0x60f210 "\001", compress_size=16384, ciphertext=
> > {data = 0x5f25f5 "g\233ž\vq\022@?æ\037\027·\001¬íus\t§Ïš\233\2106âêÂH\203\020\206°\203\213øÆ£Ô\005ÙÙëúú'®V±\205æ®1", size = 48}, type=22 '\026')
> > at gnutls_cipher.c:453
> > 453 if (ciphertext.data[ciphertext.size-i] != ciphertext.data[ciphertext.size - 1])
> >
> > backtrace gives me:
> >
> > #0 0x00002aaaab1f8bf8 in _gnutls_ciphertext2compressed (session=0x5efea0, compress_data=0x60f210 "\001", compress_size=16384, ciphertext=
> > {data = 0x5f25f5 "g\233ž\vq\022@?æ\037\027·\001¬íus\t§Ïš\233\2106âêÂH\203\020\206°\203\213øÆ£Ô\005ÙÙëúú'®V±\205æ®1", size = 48}, type=22 '\026')
> > at gnutls_cipher.c:453
> > #1 0x00002aaaab1f8330 in _gnutls_decrypt (session=0x5efea0,
> > ciphertext=0x5f25f5 "g\233ž\vq\022@?æ\037\027·\001¬íus\t§Ïš\233\2106âêÂH\203\020\206°\203\213øÆ£Ô\005ÙÙëúú'®V±\205æ®1", ciphertext_size=48,
> > data=0x60f210 "\001", data_size=16384, type=GNUTLS_HANDSHAKE) at gnutls_cipher.c:124
> > #2 0x00002aaaab1f769e in _gnutls_recv_int (session=0x5efea0, type=GNUTLS_HANDSHAKE, htype=GNUTLS_FINISHED, data=0x5f0890 "\017", sizeofdata=1)
> > at gnutls_record.c:759
> > #3 0x00002aaaab1faf26 in _gnutls_handshake_io_recv_int (session=0x5efea0, type=GNUTLS_HANDSHAKE, htype=GNUTLS_FINISHED, iptr=0x5f0890, sizeOfPtr=1)
> > at gnutls_buffers.c:866
> > #4 0x00002aaaab1fcec9 in _gnutls_recv_handshake_header (session=0x5efea0, type=GNUTLS_FINISHED, recv_type=0x527ff63c) at gnutls_handshake.c:845
> > #5 0x00002aaaab1fd3d8 in _gnutls_recv_handshake (session=0x5efea0, data=0x527ff698, datalen=0x527ff68c, type=GNUTLS_FINISHED, optional=MANDATORY_PACKET)
> > at gnutls_handshake.c:995
> > #6 0x00002aaaab1fc264 in _gnutls_recv_finished (session=0x5efea0) at gnutls_handshake.c:460
> > #7 0x00002aaaab1fff9d in _gnutls_recv_handshake_final (session=0x5efea0, init=1) at gnutls_handshake.c:2165
> > #8 0x00002aaaab200900 in _gnutls_handshake_common (session=0x5efea0) at gnutls_handshake.c:2293
> > #9 0x00002aaaab1ff2e8 in gnutls_handshake (session=0x5efea0) at gnutls_handshake.c:1920
> > #10 0x000000000040b287 in tls_connect (c=39, session_ptr=0x527ff798) at tls.c:916
> > #11 0x000000000040b46b in tls_sasl_connect (userdata=0x5dc500, data=0x5f25f5) at tls.c:984
> > #12 0x00002aaaaaf08676 in g_static_rw_lock_free () from /usr/lib/libglib-2.0.so.0
> > #13 0x00002aaaaaf07442 in g_static_private_free () from /usr/lib/libglib-2.0.so.0
> > #14 0x00002aaaab481b55 in start_thread () from /lib/libpthread.so.0
> > #15 0x00002aaaab662630 in clone () from /lib/libc.so.6
> >
> > Could someone point me to what's going on?
> >
> > I tried, as said in the previous mail, to declare threads but it does not change
> > anything (but it still uses this declaration).
> >
> > Any tips really welcome!
> >
> > BR,
> >
> >
> > On Thursday 14 April 2005 at 11:19 +0200, Nikos Mavrogiannopoulos wrote:
> > > On Wednesday 13 April 2005 11:17, Eric Leblond wrote:
> > >
> > > Hello Eric,
> > >
> > > > * Do the callbacks need to be declared everywhere or just before
> > > > gnutls_global_init?
> > > Yes, only before this function.
> > >
> > > > * I use glib in the program. It hides pthread functions behind its own
> > > > functions. Is it sufficient to declare:
> > > > GCRY_THREAD_OPTION_PTHREAD_IMPL;
> > > I'm not really sure that this is sufficient. It depends on the internals
> > > of glib, which I don't know. So you need to make your own locking callbacks and
> > > register them as shown in the documentation.
> >
> > --
> > Éric Leblond, eleblond at inl.fr
> > Phone: 01 44 89 46 40, Fax: 01 44 89 45 01
> > INL, http://www.inl.fr
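As an added illustration (not GnuTLS code and not from this thread): a version of the pad check quoted above whose loop bound is clamped to the record length, so a log-only assert falling through cannot lead to a negative index. `LOG_ASSERT`, `E_DECRYPTION_FAILED`, `cbc_pad_check` and `demo` are constructed names standing in for `gnutls_assert` and `GNUTLS_E_DECRYPTION_FAILED`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed error code for this example, not GnuTLS's real value. */
#define E_DECRYPTION_FAILED (-201)
/* Log-only assert in the style the thread describes: it reports and then
 * falls through, so whatever follows still runs with the bad values. */
#define LOG_ASSERT() fprintf(stderr, "assert hit at %s:%d\n", __FILE__, __LINE__)

/* Check TLS CBC padding on a decrypted record: `size` bytes, the MAC being
 * the `hash_size` bytes before the padding. Returns 0 for well-formed
 * padding, E_DECRYPTION_FAILED otherwise, and never indexes before `data`. */
int cbc_pad_check(const uint8_t *data, size_t size, size_t hash_size)
{
    int pad_failed = 0;
    size_t pad, i, limit;

    if (size < hash_size + 1) {
        LOG_ASSERT();
        return E_DECRYPTION_FAILED;  /* no pad byte to inspect safely */
    }
    pad = (size_t)data[size - 1] + 1;  /* pad byte plus the byte itself */
    if (pad > size - hash_size) {
        LOG_ASSERT();                  /* logs only; execution continues */
        pad_failed = E_DECRYPTION_FAILED;
    }
    /* The difference from the crashing loop: the bound is clamped to the
     * record length, so data[size - i] stays inside the buffer even for a
     * bogus pad byte (148 on a 128-byte record in the thread). */
    limit = pad <= size ? pad : size;
    for (i = 2; i < limit; i++) {
        if (data[size - i] != data[size - 1])
            pad_failed = E_DECRYPTION_FAILED;
    }
    return pad_failed;
}

/* Constructed 48-byte records, hash_size 20 (SHA-1); 1 if both classify right. */
int demo(void)
{
    uint8_t good[48], bad[48];
    memset(good, 0xAA, sizeof good);
    memset(good + 44, 3, 4);   /* pad byte 3 -> four trailing 0x03 bytes */
    memset(bad, 0xAA, sizeof bad);
    bad[47] = 147;             /* pad 148 > 48 - 20: flagged, no crash */
    return cbc_pad_check(good, 48, 20) == 0 &&
           cbc_pad_check(bad, 48, 20) == E_DECRYPTION_FAILED;
}
```

The loop keeps running after a bad pad length instead of returning early, as the original comment intends, so a rejected record takes about the same time as an accepted one.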