gnutls-devel

[gnutls-dev] Re: Variant of Bleichenbacher's crypto 06 rump session atta


From: Simon Josefsson
Subject: [gnutls-dev] Re: Variant of Bleichenbacher's crypto 06 rump session attack
Date: Mon, 11 Sep 2006 11:17:42 +0200
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux)

Andreas Metzler <address@hidden> writes:

> On 2006-09-08 Simon Josefsson <address@hidden> wrote:
> [...]
>> The patch that fixes this is for lib/x509/verify.c, see below.
>
> [...]
>> --- /cvs/gnutls/gnutls/lib/x509/verify.c     2005/11/07 23:28:02     1.52
>> +++ /cvs/gnutls/gnutls/lib/x509/verify.c     2006/09/08 13:38:55     1.52.2.1
>>  <at>  <at>  -1,5 +1,5  <at>  <at> 
>>  /*
>> - * Copyright (C) 2003, 2004, 2005 Free Software Foundation
>> + * Copyright (C) 2003, 2004, 2005, 2006 Free Software Foundation
>>   *
>>   * Author: Nikos Mavroyanopoulos
>>   *
>>  <at>  <at>  -505,6 +505,15  <at>  <at> 
>>        return GNUTLS_E_UNKNOWN_HASH_ALGORITHM;
>>      }
>
>> +  len = sizeof (str) - 1;
>> +  result = asn1_read_value (dinfo, "digestAlgorithm.parameters", NULL, 
>> &len);
>> +  if (result != ASN1_ELEMENT_NOT_FOUND)
>> +    {
>> +      gnutls_assert ();
>> +      asn1_delete_structure (&dinfo);
>> +      return _gnutls_asn2err (result);
>> +    }
>> +
>>    result = asn1_read_value (dinfo, "digest", digest, digest_size);
>>    if (result != ASN1_SUCCESS)
>>      {
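Review bot: the added asn1_read_value () call on "digestAlgorithm.parameters" passes NULL as the output buffer while len is set to sizeof (str) - 1, so it advertises a non-zero capacity for a buffer that does not exist. Pass str itself, which is what len is sized from, so that a present parameters field is written somewhere valid. Separately, the rejection branch runs for every result other than ASN1_ELEMENT_NOT_FOUND, which includes ASN1_SUCCESS, and then returns _gnutls_asn2err (result). Unless that helper maps ASN1_SUCCESS to an error, a present parameters field could be returned as a non-error value before "digest" is ever read, so an explicit error code for that case would be safer. A short comment above the check saying that any present parameters field is rejected on purpose would also help later readers.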
>
> Hello,
> This seems to cause breakage with mutt, muttng and OpenLDAP.
> http://bugs.debian.org/386643
> http://bugs.debian.org/386680
>
> The asn1_read_value() segfaults under certain conditions (libtasn1-3
> 0.3.5).
>
> I have been able to reproduce the segfault using mutt 1.5.13 and
> gnutls 1.0.16 + the patch quoted above on imaps:m26s25.vlinux.de, but
> have been unable to find the reason.

Can you reproduce it in gnutls 1.4.x?  Could you debug this and find
out exactly what instruction is crashing?  Perhaps your gnutls 1.0.16
was built with the internal (and _old_) version of libtasn1?

If you change the line into:

  result = asn1_read_value (dinfo, "digestAlgorithm.parameters", digest, &len);

does it work?

It seems weird that this works with gnutls 1.4 but not gnutls 1.0 if
the crash is in libtasn1.

/Simon


