touch-packages team mailing list archive
Message #04878
[Bug 1310636] Re: Segmentation fault with self signed certificate
The crash itself is fixed by gtls: fix NULL pointer dereference /
386ed2d5904566cbc455a50ee7a57d70385e1f02. Released in 7.37.0
(http://curl.haxx.se/changes.html)
I applied the patch gtls: fix NULL onto 7.35.0-1ubuntu2. The test program is now returning 'curl_easy_perform() failed: SSL connect error'.
Using 7.37.1 (on archlinux) the test program is returning the website as expected. #1348564 should fix this bug.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to curl in Ubuntu.
https://bugs.launchpad.net/bugs/1310636
Title:
Segmentation fault with self signed certificate
Status in “curl” package in Ubuntu:
Confirmed
Bug description:
When requesting an HTTPS url hxxps://harrowmedia.com/ (WARNING! known
to host malware), disabling options CURLOPT_SSL_VERIFYPEER and
CURLOPT_SSL_VERIFYHOST, libcurl3-gnutls produces a segmentation
fault:
(gdb) run
Starting program: /home/wiredrat/src/curl_poc/curl_gnutls https://harrowmedia.com/
[Depuración de hilo usando libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Nuevo Thread 0x7ffff2c2b700 (LWP 25858)]
[Thread 0x7ffff2c2b700 (LWP 25858) terminado]
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6e9db19 in gnutls_x509_crt_import () from /usr/lib/x86_64-linux-gnu/libgnutls.so.26
(gdb) bt
#0 0x00007ffff6e9db19 in gnutls_x509_crt_import () from /usr/lib/x86_64-linux-gnu/libgnutls.so.26
#1 0x00007ffff7bc1ec9 in gtls_connect_step3 (conn=conn@entry=0x65aa50, sockindex=sockindex@entry=0) at vtls/gtls.c:708
#2 0x00007ffff7bc2a7a in gtls_connect_common (conn=conn@entry=0x65aa50, sockindex=sockindex@entry=0, nonblocking=nonblocking@entry=true,
done=done@entry=0x7fffffffdde5) at vtls/gtls.c:918
#3 0x00007ffff7bc2e0d in Curl_gtls_connect_nonblocking (conn=conn@entry=0x65aa50, sockindex=sockindex@entry=0,
done=done@entry=0x7fffffffdde5) at vtls/gtls.c:933
#4 0x00007ffff7bc3540 in Curl_ssl_connect_nonblocking (conn=conn@entry=0x65aa50, sockindex=sockindex@entry=0, done=0x7fffffffdde5)
at vtls/vtls.c:293
#5 0x00007ffff7b86ffe in https_connecting (conn=0x65aa50, done=<optimized out>) at http.c:1354
#6 0x00007ffff7ba9571 in multi_runsingle (multi=multi@entry=0x6514f0, now=..., data=data@entry=0x648750) at multi.c:1195
#7 0x00007ffff7baa1c1 in curl_multi_perform (multi_handle=multi_handle@entry=0x6514f0,
running_handles=running_handles@entry=0x7fffffffdea4) at multi.c:1752
#8 0x00007ffff7ba1923 in easy_transfer (multi=0x6514f0) at easy.c:705
#9 easy_perform (events=false, data=0x648750) at easy.c:784
#10 curl_easy_perform (easy=0x648750) at easy.c:803
#11 0x0000000000400b06 in main ()
Attached PoC can reproduce the issue against this url. The problem does
not appear when linking against libcurl3-openssl. I suspect the
problem is related to a malformed certificate.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/curl/+bug/1310636/+subscriptions
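
An added example, not part of the original message or of curl's own code: a small C check that classifies a libcurl version banner (the format curl_version() returns) against the details given above, namely that the crash was seen with the GnuTLS build and that the fix was released in 7.37.0. The function name classify_banner, the enum values and the sample banners are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* 7.37.0, the fix release named in the message, in libcurl's 0xXXYYZZ form. */
#define FIXED_VERSION_NUM 0x072500UL

enum exposure {
    UNPARSEABLE   = -1, /* no "libcurl/x.y.z" token found */
    OTHER_BACKEND = 0,  /* not a GnuTLS build; the report saw no crash with OpenSSL */
    FIXED_RELEASE = 1,  /* GnuTLS build at or above 7.37.0 */
    NEEDS_REVIEW  = 2   /* GnuTLS build below 7.37.0: check for a backported patch */
};

/* Classify a banner in the format curl_version() returns (hypothetical helper). */
int classify_banner(const char *banner)
{
    unsigned int major, minor, patch;
    unsigned long num;
    const char *p;

    if (banner == NULL)
        return UNPARSEABLE;
    p = strstr(banner, "libcurl/");
    if (p == NULL || sscanf(p, "libcurl/%u.%u.%u", &major, &minor, &patch) != 3)
        return UNPARSEABLE;
    if (major > 255 || minor > 255 || patch > 255)
        return UNPARSEABLE;
    if (strstr(banner, "GnuTLS/") == NULL)
        return OTHER_BACKEND;
    num = ((unsigned long)major << 16) | (minor << 8) | patch;
    return num >= FIXED_VERSION_NUM ? FIXED_RELEASE : NEEDS_REVIEW;
}

int main(void)
{
    /* Constructed sample banners, not taken from the bug report. */
    const char *samples[] = {
        "libcurl/7.35.0 GnuTLS/2.12.23 zlib/1.2.8",
        "libcurl/7.37.1 GnuTLS/3.3.5 zlib/1.2.8",
        "libcurl/7.35.0 OpenSSL/1.0.1f zlib/1.2.8",
        "not a curl banner"
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%2d  %s\n", classify_banner(samples[i]), samples[i]);
    return 0;
}
```

In an application linked against libcurl, pass the string returned by curl_version(). A NEEDS_REVIEW result still has to be checked against the package changelog, since a distribution may carry the patch on an older version number.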