[Help-gnutls] Re: gnutls_record_send() problem

Simon Josefsson simon at josefsson.org
Wed Jan 23 18:22:54 CET 2008


Laurent Birtz <laurent.birtz at kryptiva.com> writes:

> Nikos Mavrogiannopoulos wrote:
>> On Monday 21 January 2008, Laurent Birtz wrote:
>>   
>>> I've encountered a weird problem with the stock code examples (anonymous
>>> server and client). By itself the example works fine, but if I replace
>>> the string sent ("GET / HTTP/1.0\r\n\r\n") by a zeroed buffer, then the
>>> client hangs. This does not occur if I send a buffer containing bytes
>>> with the value 1.
>>>     
>>
>> Where does the client hang? gnutls does not parse or use the data to
>> be sent in any way, so it's quite unlikely that sending nulls hangs
>> gnutls.
>>   
> OK, I found the problem. The server calls strlen() on the buffer,
> which results in 0 bytes being sent to the client, c.f.
> gnutls_record_send (session, buffer, strlen (buffer)) instead of
> gnutls_record_send (session, buffer, ret).

The gnutls_record_send function takes a buffer and a length indicator,
so the first seems OK to me.  The latter would be incorrect, 'ret' is
used as the return value in that function, not a length indicator.
Maybe you could clarify what change you are thinking of?

>> gnutls does not parse or use the data to be sent in any way
>
> In version 2.0.4-1, valgrind was passing me this warning when I ran it on
> the example. I assumed some kind of compression bug was going on when I
> used a zeroed buffer.
>
> ==1785== Conditional jump or move depends on uninitialised value(s)
> ==1785==    at 0x4235432: (within /usr/lib/libz.so.1.2.3.3)
> ==1785==    by 0x4235DCF: deflate (in /usr/lib/libz.so.1.2.3.3)
> ==1785==    by 0x406128B: _gnutls_compress (in /usr/lib/libgnutls.so.13.9.1)
> ==1785==    by 0x40541FD: _gnutls_m_plaintext2compressed (in /usr/lib/libgnutls.so.13.9.1)
> ==1785==    by 0x4054A13: _gnutls_encrypt (in /usr/lib/libgnutls.so.13.9.1)
> ==1785==    by 0x4052C5D: _gnutls_send_int (in /usr/lib/libgnutls.so.13.9.1)
> ==1785==    by 0x4052F0A: gnutls_record_send (in /usr/lib/libgnutls.so.13.9.1)
> ==1785==    by 0x8048D6B: main (ex-client1.c:73)

I can't reproduce this.  Are you using the verbatim example source code?
Below is what 'valgrind ./ex-client1' prints for me when ex-serv-anon is
running.

/Simon

==9416== Memcheck, a memory error detector.
==9416== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==9416== Using LibVEX rev 1804, a library for dynamic binary translation.
==9416== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==9416== Using valgrind-3.3.0-Debian, a dynamic binary instrumentation framework.
==9416== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==9416== For more details, rerun with: -v
==9416== 
- Handshake was completed
- Received 18 bytes: GET / HTTP/1.0


==9416== 
==9416== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 23 from 1)
==9416== malloc/free: in use at exit: 2,321 bytes in 39 blocks.
==9416== malloc/free: 6,006 allocs, 5,967 frees, 302,300 bytes allocated.
==9416== For counts of detected errors, rerun with: -v
==9416== searching for pointers to 39 not-freed blocks.
==9416== checked 119,308 bytes.
==9416== 
==9416== 120 bytes in 5 blocks are still reachable in loss record 1 of 6
==9416==    at 0x4024AB8: malloc (vg_replace_malloc.c:207)
==9416==    by 0x4048DEF: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x404563B: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x4045839: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x4049A66: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x404C633: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x404C913: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x4045B4D: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x4046171: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x4044C7C: gcry_check_version (in /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x40DAC25: gnutls_global_init (gnutls_global.c:241)
==9416==    by 0x8048C2B: main (ex-client1.c:40)
==9416== 
==9416== 
==9416== 129 bytes in 1 blocks are definitely lost in loss record 2 of 6
==9416==    at 0x4024AB8: malloc (vg_replace_malloc.c:207)
==9416==    by 0x40D7B73: _gnutls_mpi_dprint_lz (gnutls_mpi.c:146)
==9416==    by 0x40E3EC0: _gnutls_dh_set_peer_public (gnutls_state.c:474)
==9416==    by 0x40E9580: _gnutls_proc_dh_common_server_kx (auth_dh_common.c:297)
==9416==    by 0x40D3710: proc_anon_server_kx (auth_anon.c:168)
==9416==    by 0x40CEDA8: _gnutls_recv_server_kx_message (gnutls_kx.c:401)
==9416==    by 0x40CB35E: _gnutls_handshake_client (gnutls_handshake.c:2342)
==9416==    by 0x40CBC59: gnutls_handshake (gnutls_handshake.c:2238)
==9416==    by 0x8048CA3: main (ex-client1.c:63)
==9416== 
==9416== 
==9416== 312 bytes in 13 blocks are still reachable in loss record 3 of 6
==9416==    at 0x4024AB8: malloc (vg_replace_malloc.c:207)
==9416==    by 0x4048DEF: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x404563B: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x4045839: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x4049A66: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x40547AF: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x4054823: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x4045B44: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x4046171: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x4044C7C: gcry_check_version (in /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x40DAC25: gnutls_global_init (gnutls_global.c:241)
==9416==    by 0x8048C2B: main (ex-client1.c:40)
==9416== 
==9416== 
==9416== 432 bytes in 18 blocks are still reachable in loss record 4 of 6
==9416==    at 0x4024AB8: malloc (vg_replace_malloc.c:207)
==9416==    by 0x4048DEF: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x404563B: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x4045839: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x4049A66: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x404A451: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x404A513: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x4045B14: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x4046171: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x4044C7C: gcry_check_version (in /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x40DAC25: gnutls_global_init (gnutls_global.c:241)
==9416==    by 0x8048C2B: main (ex-client1.c:40)
==9416== 
==9416== 
==9416== 664 bytes in 1 blocks are still reachable in loss record 5 of 6
==9416==    at 0x4024AB8: malloc (vg_replace_malloc.c:207)
==9416==    by 0x4045606: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x4045839: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x404585D: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x40458EC: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x405829B: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x4058ECE: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x4042C7A: gcry_randomize (in /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x40F211B: gc_pseudo_random (gc-libgcrypt.c:83)
==9416==    by 0x40DAE2D: gnutls_global_init (gnutls_global.c:307)
==9416==    by 0x8048C2B: main (ex-client1.c:40)
==9416== 
==9416== 
==9416== 664 bytes in 1 blocks are still reachable in loss record 6 of 6
==9416==    at 0x4024AB8: malloc (vg_replace_malloc.c:207)
==9416==    by 0x4045606: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x4045839: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x404585D: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x40458EC: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x40581DB: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x4058ECE: (within /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x4042C7A: gcry_randomize (in /usr/lib/libgcrypt.so.11.4.3)
==9416==    by 0x40F211B: gc_pseudo_random (gc-libgcrypt.c:83)
==9416==    by 0x40DAE2D: gnutls_global_init (gnutls_global.c:307)
==9416==    by 0x8048C2B: main (ex-client1.c:40)
==9416== 
==9416== LEAK SUMMARY:
==9416==    definitely lost: 129 bytes in 1 blocks.
==9416==      possibly lost: 0 bytes in 0 blocks.
==9416==    still reachable: 2,192 bytes in 38 blocks.
==9416==         suppressed: 0 bytes in 0 blocks.
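
The length mix-up described in the quoted text above, as an added example that is not part of the original thread or of the GnuTLS example sources. `fake_send`, `fake_recv` and the sample records are hypothetical stand-ins, and `received` is assumed to play the role of the count returned by the server's receive call; the second case goes beyond the thread to show that `strlen()` can also over-send stale bytes from a reused buffer.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define MAX_BUF 64

/* Hypothetical stand-in for a record-layer send (not a GnuTLS function):
 * it only reports how many bytes the caller asked to transmit. */
static size_t fake_send(const void *data, size_t len) { (void)data; return len; }

/* Hypothetical receive into a reused buffer; returns the byte count. */
static ssize_t fake_recv(char *buf, const void *payload, size_t len) {
    memcpy(buf, payload, len);
    return (ssize_t)len;
}

/* Echo one record, sizing the reply either with strlen() or with the count
 * returned by the receive call. */
static size_t echo(const char *buf, ssize_t received, int use_strlen) {
    if (received <= 0)
        return 0;                        /* error or EOF: nothing to echo */
    return fake_send(buf, use_strlen ? strlen(buf) : (size_t)received);
}

/* Case 1: an 18-byte record of zero bytes (constructed input). */
static size_t zeroed_case(int use_strlen) {
    char buf[MAX_BUF + 1] = {0};
    static const char zeros[18] = {0};
    return echo(buf, fake_recv(buf, zeros, sizeof zeros), use_strlen);
}

/* Case 2: a 4-byte record arriving after an 18-byte one in the same buffer;
 * bytes 4..17 still hold the previous record (constructed input). */
static size_t stale_case(int use_strlen) {
    char buf[MAX_BUF + 1] = {0};
    fake_recv(buf, "GET / HTTP/1.0\r\n\r\n", 18);
    return echo(buf, fake_recv(buf, "PING", 4), use_strlen);
}

int main(void) {
    printf("zeroed record: strlen sends %zu, count sends %zu\n",
           zeroed_case(1), zeroed_case(0));
    printf("short after long: strlen sends %zu, count sends %zu\n",
           stale_case(1), stale_case(0));
    return 0;
}
```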




