touch-packages team mailing list archive

[Bug 1310636] Re: Segmentation fault with self signed certificate

 

The crash itself is fixed by gtls: fix NULL pointer dereference /
386ed2d5904566cbc455a50ee7a57d70385e1f02. Released in 7.37.0
(http://curl.haxx.se/changes.html)

I applied the patch gtls: fix NULL onto 7.35.0-1ubuntu2. The test program is now returning 'curl_easy_perform() failed: SSL connect error'.
Using 7.37.1 (on Arch Linux), the test program returns the website as expected. #1348564 should fix this bug.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to curl in Ubuntu.
https://bugs.launchpad.net/bugs/1310636

Title:
  Segmentation fault with self signed certificate

Status in “curl” package in Ubuntu:
  Confirmed

Bug description:
  When requesting an HTTPS url hxxps://harrowmedia.com/ (WARNING! known
  to host malware), disabling options CURLOPT_SSL_VERIFYPEER and
  CURLOPT_SSL_VERIFYHOST,  libcurl3-gnutls produces a segmentation
  fault:

  (gdb) run
  Starting program: /home/wiredrat/src/curl_poc/curl_gnutls https://harrowmedia.com/
  [Depuración de hilo usando libthread_db enabled]
  Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
  [Nuevo Thread 0x7ffff2c2b700 (LWP 25858)]
  [Thread 0x7ffff2c2b700 (LWP 25858) terminado]

  Program received signal SIGSEGV, Segmentation fault.
  0x00007ffff6e9db19 in gnutls_x509_crt_import () from /usr/lib/x86_64-linux-gnu/libgnutls.so.26
  (gdb) bt
  #0  0x00007ffff6e9db19 in gnutls_x509_crt_import () from /usr/lib/x86_64-linux-gnu/libgnutls.so.26
  #1  0x00007ffff7bc1ec9 in gtls_connect_step3 (conn=conn@entry=0x65aa50, sockindex=sockindex@entry=0) at vtls/gtls.c:708
  #2  0x00007ffff7bc2a7a in gtls_connect_common (conn=conn@entry=0x65aa50, sockindex=sockindex@entry=0, nonblocking=nonblocking@entry=true, 
      done=done@entry=0x7fffffffdde5) at vtls/gtls.c:918
  #3  0x00007ffff7bc2e0d in Curl_gtls_connect_nonblocking (conn=conn@entry=0x65aa50, sockindex=sockindex@entry=0, 
      done=done@entry=0x7fffffffdde5) at vtls/gtls.c:933
  #4  0x00007ffff7bc3540 in Curl_ssl_connect_nonblocking (conn=conn@entry=0x65aa50, sockindex=sockindex@entry=0, done=0x7fffffffdde5)
      at vtls/vtls.c:293
  #5  0x00007ffff7b86ffe in https_connecting (conn=0x65aa50, done=<optimized out>) at http.c:1354
  #6  0x00007ffff7ba9571 in multi_runsingle (multi=multi@entry=0x6514f0, now=..., data=data@entry=0x648750) at multi.c:1195
  #7  0x00007ffff7baa1c1 in curl_multi_perform (multi_handle=multi_handle@entry=0x6514f0, 
      running_handles=running_handles@entry=0x7fffffffdea4) at multi.c:1752
  #8  0x00007ffff7ba1923 in easy_transfer (multi=0x6514f0) at easy.c:705
  #9  easy_perform (events=false, data=0x648750) at easy.c:784
  #10 curl_easy_perform (easy=0x648750) at easy.c:803
  #11 0x0000000000400b06 in main ()

  The attached PoC can reproduce the issue against this URL. The problem
  does not appear when linking against libcurl3-openssl. I suspect the
  problem is related to a malformed certificate.
