touch-packages team mailing list archive

Thread
Date
[Bug 1368099] Re: libcurl3-gnutls application crashes with NULL-pointer deref

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Roman Fiedler <roman.fiedler@xxxxxxxxx>
Date: Thu, 11 Sep 2014 09:05:27 -0000
Reply-to: Bug 1368099 <1368099@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Seems to be similar to [1], although cause in [1] to end up at the very
same position might due to another problem also in transmission.

[1] https://bugs.launchpad.net/ubuntu/+source/transmission/+bug/1304004

** Also affects: curl (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: zabbix (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to curl in Ubuntu.
https://bugs.launchpad.net/bugs/1368099

Title:
  libcurl3-gnutls application crashes with NULL-pointer deref

Status in “curl” package in Ubuntu:
  New
Status in “transmission” package in Ubuntu:
  New
Status in “zabbix” package in Ubuntu:
  New

Bug description:
  Bug occurs when interacting with some but not all SSL-webservers, so
  it seems to be triggered by the remote side, crashing a zabbix
  monitoring system when connecting to a problematic Apache 2.4 server
  in my case.

  Program received signal SIGSEGV, Segmentation fault.
  gnutls_x509_crt_import (cert=0xb8c9bc30, data=0x0, format=GNUTLS_X509_FMT_DER)
      at x509.c:176
  176 x509.c: No such file or directory.
  (gdb) bt
  #0 gnutls_x509_crt_import (cert=0xb8c9bc30, data=0x0,
      format=GNUTLS_X509_FMT_DER) at x509.c:176
  #1 0xb6ea253a in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
  #2 0xb6ea3209 in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
  #3 0xb6ea3e18 in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
  #4 0xb6e6511c in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
  #5 0xb6e74328 in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
  #6 0xb6e87b7a in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
  #7 0xb6e888a0 in curl_multi_perform ()
     from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
  #8 0xb6e7f6fb in curl_easy_perform ()
     from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
  #9 0xb76be6aa in process_httptests ()
  #10 0xb76bca56 in main_httppoller_loop ()
  #11 0xb76979a9 in MAIN_ZABBIX_ENTRY ()
  #12 0xb76ef49b in daemon_start ()
  #13 0xb7690abf in main ()

  According to [1], calling the function with data=NULL seems forbidden. It seems, that [2] is a similar report for curl. The upstream patch seems to be announced in [3] as "gtls: fix NULL pointer dereference", date "Fixed in 7.37.0 - May 21 2014".
  Also the packages in Unicorn should already include the patch but adding it on Trusty (production) seems not a good idea due to change in package dependencies.

  # lsb_release -rd
  Description:    Ubuntu 14.04.1 LTS
  Release:        14.04

  # apt-cache policy libcurl3-gnutls
  libcurl3-gnutls:
    Installed: 7.35.0-1ubuntu2
    Candidate: 7.35.0-1ubuntu2
    Version table:
   *** 7.35.0-1ubuntu2 0
          500 http://debarchive-ehealth.d03.arc.local/ubuntu/ trusty/main i386 Packages
          100 /var/lib/dpkg/status

  [1] http://manned.org/gnutls_x509_crt_import/a0fb5c1f
  [2] http://curl.haxx.se/mail/lib-2014-04/0145.html
  [3] http://curl.haxx.se/changes.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/curl/+bug/1368099/+subscriptions