[gnutls-dev] address@hidden: Bug#187434: libgnutls5: OpenPGP certificates deadlock]

[Ivo Timmermans]

FYI.


        Ivo

-- 
Norton SystemWorks 2002 includes a file erasure program called Wipe
Info.  In the manual (page 160), we learn that "Wipe Info uses
hexadecimal values to wipe files.  This provides more security than
wiping with decimal values."  - Bruce Schneier
> --- Begin Message ---
>
>
>
> Subject: 
>
> Bug#187434: libgnutls5: OpenPGP certificates deadlock
>
>
>
>
> Date: 
>
> Thu, 03 Apr 2003 12:53:42 +0200
>
>
>
>
> User-agent: 
>
> Wanderlust/2.10.0 (Venus) Emacs/21.2 Mule/5.0 (SAKAKI)
>
>
>
>
> Package: libgnutls5
> Version: 0.8.6-1
> Severity: important
> Tags: upstream patch
>
> There is a bug in libextra/gnutls_openpgp.c, which results in an
> infinite-loop when using OpenPGP certificates. The problem lies in
> gnutls_certificate_set_openpgp_key_file and stream_to_datum (provided
> that my analysis is correct).
>
> gnutls_certificate_set_openpgp_key_file reads the file, parses it, and
> so on, until it gets an EOF or an error. However, stream_to_datum()
> seeks back to the beginning of the stream every time. Both at the
> beginning (which is probably okay, since the stream should only
> contain one key anyway), and one after it converted it. That is
> probably bogus.
>
> After removing the second call to cdk_stream_seek(),
> gnutls_certificate_set_openpgp_key_file successfully gets out of the
> while (!rc) loop. However, it fails the `if( rc == CDK_EOF && i > 1)'
> check. Since - as far as I can grok the sources - i should be the
> number of certificates/entries/whatever in the keyfile, and the file
> should only contain one such thing according to the documentation, I
> think that the second half of the check should allow i to be 1.
>
> After these two trivial fixes, OpenPGP support appears to
> work. However, I'm quite sure that either my "fix" is bogus, or I
> generated wrong keys for the test application (I'm testing with
> gnutls-cli and gnutls-serv, by the way).
>
> I also see that there have been changes to
> gnutls_certificate_set_openpgp_key_file in upstream CVS, but I didn't
> have the time to test with a CVS snapshot yet. I will follow up to
> this bugreport after I did.
>
> In the meantime, below is the patch I came up with:
>
> diff -u -ur gnutls5-0.8.6/libextra/gnutls_openpgp.c 
> gnutls5-work/libextra/gnutls_openpgp.c
> --- gnutls5-0.8.6/libextra/gnutls_openpgp.c     2003-02-04 13:52:25.000000000 
> +0100
> +++ gnutls5-work/libextra/gnutls_openpgp.c      2003-04-03 12:33:27.000000000 
> +0200
> @@ -271,7 +271,6 @@
>          datum_append( raw, buf, nread );
>          nbytes += nread;
>      }
> -    cdk_stream_seek( inp, 0 );
>      if( !nbytes )
>          rc = GNUTLS_E_INTERNAL_ERROR;
>  
> @@ -747,7 +746,7 @@
>              }
>          }
>      }
> -    if( rc == CDK_EOF && i > 1 )
> +    if( rc == CDK_EOF && i >= 1 )
>          rc = 0;
>      cdk_stream_close( inp );
>      if( rc ) {
>
> --- End Message ---